4 matches found
CVE-2020-36290
The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting XSS...
CVE-2020-36290
The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting XSS...
CVE-2020-36290
CVE-2020-36290 affects Atlassian Confluence Server/Data Center via the Livesearch macro. Vulnerable versions include pre-7.4.5, 7.5.0–7.6.2, and 7.7.0–7.7.3 (up to 7.7.4 in some listings), where remote attackers with page/blog edit permission can inject arbitrary HTML/JavaScript into the page exc...
Stored XSS in the Livesearch macro - CVE-2020-36290
The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting XSS...