Confluence Server Security Vulnerabilities and Issues — Confluence Server CVE List

Lucene search

AtlassianConfluence Server

7 matches found

CVE•added 2021/08/03 12:15 a.m.•1042 views

CVE-2021-26085

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.

5.3CVSS5.3AI score0.94187EPSS

CVE•added 2021/05/07 6:15 a.m.•92 views

CVE-2020-29444

Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters.

5.4CVSS5.3AI score0.00233EPSS

CVE•added 2021/02/22 9:15 p.m.•90 views

CVE-2020-29448

The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect pat...

5.3CVSS5.5AI score0.00301EPSS

CVE•added 2020/07/24 7:15 a.m.•76 views

CVE-2020-14175

Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. The affected versions are before version 7.4.2, and from version 7.5.0 before 7.5.2.

5.4CVSS5.2AI score0.00237EPSS

CVE•added 2019/04/30 4:29 p.m.•73 views

CVE-2018-20239

Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the appl...

5.4CVSS5.2AI score0.00407EPSS

CVE•added 2023/05/01 5:15 p.m.•66 views

CVE-2023-22503

Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature. This vulnerability was reported by Rojan...

5.3CVSS5AI score0.00288EPSS

CVE•added 2022/07/26 4:15 a.m.•55 views

CVE-2020-36290

The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnera...

5.4CVSS5.2AI score0.00223EPSS