6.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.0%
The βHTML Include and replace macroβ plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element.
github.com/l0nax/CVE-2019-15053
marketplace.atlassian.com/apps/4885/html-include-and-replace-macro?hosting=server&tab=versions