Confluence Server Security Vulnerabilities - 2020


CVE-2019-20102

The attachment-uploading feature in Atlassian Confluence Server from version 6.14.0 through version 6.14.3, and version 6.15.0 before version 6.15.5 allows remote attackers to achieve stored cross-site scripting (SXSS) via a malicious attachment with a modified mimeType parameter.

CVSS: 6.1

AI Score: 6.1

EPSS: 0.001

2020-04-22 04:15 AM

CVE-2019-20406

The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global PATH environment variable to inject code & esca...

CVSS: 7.8

AI Score: 7.5

EPSS: 0.001

2020-02-06 03:15 AM

CVE-2020-14175

Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. The affected versions are before version 7.4.2, and from version 7.5.0 before 7.5.2.

CVSS: 5.4

AI Score: 5.2

EPSS: 0.001

2020-07-24 07:15 AM

CVE-2020-4027

Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. The affected versions are before version 7.4.5, and from version 7...

CVSS: 4.7

AI Score: 4.9

EPSS: 0.001

2020-07-01 02:15 AM