Atlassian Confluence 6.14.x < 6.15.10 Man-In-The-Middle

According to its self-reported version number, the Atlassian Confluence application running on the remote host is 6.11.x 6.13.10, 6.14.x 6.15.10, 7.0.1 7.0.5 or 7.1.x 7.1.2. It is, therefore, affected by a man-in-the-middle MITM vulnerability present in the Confluence Previews plugin. Note that t...

Atlassian Confluence 6.14.x < 6.15.5 Information Disclosure

According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 6.13.6, 6.14.x 6.15.5 or 7.0.x 7.0.1. It is, therefore, affected by a missing permissions check vulnerability allowing remote attackers to obtain information about configured...

Atlassian Confluence 6.14.x < 6.14.3 / 6.15.x < 6.15.5 stored cross-site-scripting (SXSS) Vulnerability

According to its self-reported version number, the Atlassian Confluence application running on the remote host is 6.14.x prior to 6.14.3, or 6.15.x prior to 6.15.5. It is, therefore, affected by a stored cross-site-scripting SXSS vulnerability. due to improper validation of user-supplied input...

Atlassian Confluence 6.1.x < 6.6.16 / 6.7.x < 6.13.7 / 6.14.x < 6.15.8 Local File Disclosure Vulnerability

According to its self-reported version number, the Atlassian Confluence application running on the remote host is 6.1.x prior to 6.6.16, 6.7.x prior to 6.13.7, 6.14.x prior to 6.15.8. It is, therefore, affected by a local file disclosure vulnerability which exists in page export component. An...

Atlassian Confluence 6.14.x < 6.14.3 Directory Traversal Vulnerability

According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 6.6.13, 6.7.x prior to 6.12.4, 6.13.x prior to 6.13.4, 6.14.x prior to 6.14.3 or 6.15.x prior to 6.15.2. It is, therefore, affected by a directory traversal vulnerability whi...

Atlassian Confluence < 6.6.12 / 6.7.x < 6.12.3 / 6.13.x < 6.13.3 / 6.14.x < 6.14.2 Multiple Vulnerabilities

Binary data 700661.prm...

Copying and pasting Status Macro (or TOC Macro) over https triggers mixed content and breaks certificate trust

h3. Issue Summary Copying and pasting a status macro or TOC over https in the browser will trigger mix content action, it will break the certificate trust on request of: Status macro plugins/servlet/status-macro/placeholder?title=titlehere&colour=Yellow TOC macro...