2 matches found
CVE-2017-16856
CVE-2017-16856 affects Atlassian Confluence via the RSS Feed macro. The issue is a cross-site scripting (XSS) flaw in various RSS properties used as links without restricting their URL scheme, allowing remote injection of HTML/JavaScript. Affected product/version details in provided documents poi...
XSS through various RSS properties in the RSS macro - CVE-2017-16856
The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting XSS vulnerabilities in various rss properties which were used as links without restriction on their scheme. h5. Acknowledgements Atlassian would...