EUVD-2017-9221

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Atlassian Confluence Server before version 6.3.4 has XSS vulnerability allowing remote HTML JavaScript injection.

Reporter	Title	Published	Views	Family All 10
Atlassian	XSS in User Macros Description Field	17 Aug 201706:08	–	atlassian
Atlassian	XSS in the usermacros resource through the description of a macro - CVE-2017-18084	2 Feb 201800:11	–	atlassian
Atlassian	XSS in the usermacros resource through the description of a macro - CVE-2017-18084	2 Feb 201800:11	–	atlassian
CNVD	Atlassian Confluence Server Cross-Site Scripting Vulnerability (CNVD-2018-03442)	7 Feb 201800:00	–	cnvd
Tenable Nessus	Atlassian Confluence < 6.3.4 usermacros Reflected XSS (CVE-2017-18084)	22 Feb 201800:00	–	nessus
CVE	CVE-2017-18084	2 Feb 201814:00	–	cve
Cvelist	CVE-2017-18084	2 Feb 201814:00	–	cvelist
NVD	CVE-2017-18084	2 Feb 201814:29	–	nvd
OSV	CVE-2017-18084	2 Feb 201814:29	–	osv
Prion	Cross site scripting	2 Feb 201814:29	–	prion

[
  {
    "enisaIdVendor": [
      {
        "id": "5d2cf76a-fbe4-359f-9a83-c10c0adce153",
        "vendor": {
          "name": "Atlassian"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "ecc2ab3e-1d63-3275-aa04-292498b4f231",
        "product": {
          "name": "Confluence"
        },
        "product_version": "prior to 6.3.4"
      }
    ]
  }
]

Source	Link
jira	www.jira.atlassian.com/browse/CONFSERVER-54904
securityfocus	www.securityfocus.com/bid/103064
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

5.1Medium risk

Vulners AI Score5.1

CVSS 34.8

CVSS 23.5

EPSS0.00129