Lucene search
K

2907 matches found

Tenable Nessus
Tenable Nessus
added 2026/02/20 12:0 a.m.6 views

Atlassian Confluence 7.19.x < 9.2.14 / 9.2.15 / 9.3.x < 10.2.3 / 10.2.6 (CONFSERVER-102132)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-102132 advisory. - The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized...

7.5CVSS6.9AI score0.0046EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/20 12:0 a.m.8 views

Atlassian Confluence 7.19.x < 9.2.7 / 9.3.1 < 9.5.3 / 10.0.2 / 10.1.0 / 10.2.0 (CONFSERVER-102193)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-102193 advisory. - Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affec...

7.5CVSS5.6AI score0.63258EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/02/20 12:0 a.m.6 views

Atlassian Confluence 9.0.0 < 9.2.14 / 9.2.15 / 9.3.1 < 10.2.3 / 10.2.6 (CONFSERVER-102186)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-102186 advisory. - Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of...

7.5CVSS6.9AI score0.01725EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2026/02/20 12:0 a.m.8 views

Atlassian Confluence 7.19.x < 8.5.10 / 8.6.x < 9.2.5 / 9.3.x < 9.3.1 / 9.4.x < 9.5.1 / 10.0.2 / 10.1.0 / 10.2.0 (CONFSERVER-101930)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101930 advisory. - tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the...

8.7CVSS6.3AI score0.00516EPSS
Exploits0References2
OSV
OSV
added 2026/02/17 6:9 p.m.3 views

GO-2026-4456 Mattermost Confluence plugin doesn't properly escape user-controlled display names in HTML template rendering in github.com/mattermost/mattermost-plugin-confluence

Mattermost Confluence plugin doesn't properly escape user-controlled display names in HTML template rendering in github.com/mattermost/mattermost-plugin-confluence...

7.7CVSS5.4AI score0.00189EPSS
Exploits0References3
Atlassian
Atlassian
added 2026/02/12 10:27 p.m.25 views

DoS (Denial of Service) in Confluence Data Center and Server

This High severity DoS Denial of Service vulnerability known as CVE-2025-48976 was introduced in versions 7.19 of Confluence Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

7.5CVSS5.4AI score0.63258EPSS
Exploits1
Atlassian
Atlassian
added 2026/02/11 5:29 p.m.22 views

DoS (Denial of Service) in Confluence Data Center and Server

This High severity DoS Denial of Service vulnerability known as CVE-2022-25927 was introduced in versions 9.0 of Confluence Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

7.5CVSS5.5AI score0.01725EPSS
Exploits2
Atlassian
Atlassian
added 2026/02/11 5:28 p.m.20 views

DoS (Denial of Service) in Confluence Data Center and Server

This High severity DoS Denial of Service vulnerability known as CVE-2022-25883 was introduced in versions 8.5 of Confluence Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

7.5CVSS5.5AI score0.02761EPSS
Exploits1
Atlassian
Atlassian
added 2026/02/11 4:29 p.m.20 views

DoS (Denial of Service) in Confluence Data Center and Server

This High severity DoS Denial of Service vulnerability known as CVE-2020-28469 was introduced in versions 7.19 of Confluence Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

7.5CVSS5.5AI score0.04456EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/02/07 7:30 p.m.6 views

CVE-2025-13523

Mattermost Confluence plugin version 1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connectio...

7.7CVSS5.7AI score0.00189EPSS
Exploits0References1
OSV
OSV
added 2026/02/06 6:30 p.m.4 views

GHSA-FFX7-34P2-VM3W Mattermost Confluence plugin doesn't properly escape user-controlled display names in HTML template rendering

Mattermost Confluence plugin version 1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connectio...

7.7CVSS5.9AI score0.00189EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/02/06 6:30 p.m.13 views

Mattermost Confluence plugin doesn't properly escape user-controlled display names in HTML template rendering

Mattermost Confluence plugin version 1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connectio...

7.7CVSS5.8AI score0.00189EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/02/06 4:16 p.m.8 views

CVE-2025-13523

Mattermost Confluence plugin version 1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connectio...

7.7CVSS0.00189EPSS
Exploits0References1
OSV
OSV
added 2026/02/06 4:16 p.m.5 views

CVE-2025-13523

Mattermost Confluence plugin version 1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connectio...

5.4CVSS6AI score0.00189EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/06 3:52 p.m.27 views

CVE-2025-13523 Cross-Site Scripting (XSS) via Unescaped Display Names in Mattermost Confluence Plugin OAuth2 Flow

Mattermost Confluence plugin version 1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connectio...

7.7CVSS0.00189EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/06 3:52 p.m.3 views

CVE-2025-13523

Mattermost Confluence plugin version 1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connectio...

7.7CVSS5.9AI score0.00189EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/06 3:52 p.m.4 views

CVE-2025-13523 Cross-Site Scripting (XSS) via Unescaped Display Names in Mattermost Confluence Plugin OAuth2 Flow

Mattermost Confluence plugin version 1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connectio...

7.7CVSS5.8AI score0.00189EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/06 3:52 p.m.7 views

EUVD-2025-206888

Mattermost Confluence plugin version 1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connectio...

7.7CVSS5.7AI score0.00189EPSS
Exploits0References1
CVE
CVE
added 2026/02/06 3:52 p.m.17 views

CVE-2025-13523

CVE-2025-13523 affects Mattermost Confluence plugin versions prior to 1.7.0. The root cause is improper escaping of user-controlled display names during HTML template rendering. This allows authenticated Confluence users with malicious display names to trigger arbitrary JavaScript execution in a ...

7.7CVSS5.8AI score0.00189EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.7 views

PT-2026-6729

Name of the Vulnerable Software and Affected Versions Mattermost Confluence plugin versions prior to 1.7.0 Description The Mattermost Confluence plugin does not properly sanitize user-controlled display names when rendering HTML templates. This allows authenticated Confluence users with malicious...

9.9CVSS5.8AI score0.27661EPSS
Exploits45References115
Rows per page
Query Builder