Atlassian Confluence is vulnerable to a persistent cross-site scripting vulnerability occurring in pages carrying attached files
Reporter | Title | Published | Views | Family All 14 |
---|---|---|---|---|
0day.today | Atlassian Confluence Jira 5.9.12 - Persistent Cross-Site Scripting Vulnerability | 4 Jan 201700:00 | – | zdt |
CVE | CVE-2016-6283 | 18 Jan 201722:59 | – | cve |
CVE | CVE-2016-4317 | 10 Apr 201703:59 | – | cve |
NVD | CVE-2016-6283 | 18 Jan 201722:59 | – | nvd |
NVD | CVE-2016-4317 | 10 Apr 201703:59 | – | nvd |
Prion | Cross site scripting | 18 Jan 201722:59 | – | prion |
Prion | Cross site scripting | 10 Apr 201703:59 | – | prion |
Packet Storm | Atlassian Confluence 5.9.12 Cross Site Scripting | 4 Jan 201700:00 | – | packetstorm |
Cvelist | CVE-2016-6283 | 18 Jan 201722:00 | – | cvelist |
Cvelist | CVE-2016-4317 | 10 Apr 201703:00 | – | cvelist |
Source | Link |
---|---|
exploit-db | www.exploit-db.com/exploits/40989/ |
# SPDX-FileCopyrightText: 2017 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:atlassian:confluence";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.106492");
script_version("2023-07-14T16:09:27+0000");
script_tag(name:"last_modification", value:"2023-07-14 16:09:27 +0000 (Fri, 14 Jul 2023)");
script_tag(name:"creation_date", value:"2017-01-05 11:09:21 +0700 (Thu, 05 Jan 2017)");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2017-01-20 13:58:00 +0000 (Fri, 20 Jan 2017)");
script_cve_id("CVE-2016-6283", "CVE-2016-4317");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("Atlassian Confluence XSS Vulnerability");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2017 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_atlassian_confluence_http_detect.nasl");
script_mandatory_keys("atlassian/confluence/detected");
script_tag(name:"summary", value:"Atlassian Confluence is prone to a cross-site scripting vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Atlassian Confluence is vulnerable to a persistent cross-site scripting
vulnerability because it fails to securely validate user controlled data. The bug occurs at pages carrying attached
files, even though the attached file name parameter is correctly sanitized upon submission, it is possible for an
attacker to later edit the attached file name property and supply crafted data (i.e HTML tags and script code)
without the occurrence of any security checks, resulting in an exploitable persistent XSS.");
script_tag(name:"affected", value:"Atlassian Confluence before version 5.10.6.");
script_tag(name:"solution", value:"Update to 5.10.6 or later versions.");
script_xref(name:"URL", value:"https://www.exploit-db.com/exploits/40989/");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if (isnull(port = get_app_port(cpe: CPE)))
exit(0);
if (!version = get_app_version(cpe: CPE, port: port))
exit(0);
if (version_is_less(version: version, test_version: "5.10.6")) {
report = report_fixed_ver(installed_version: version, fixed_version: "5.10.6");
security_message(port: port, data: report);
exit(0);
}
exit(99);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo