Lucene search: Atlassian Confluence Server

9 matches found

cve, added 2023/05/25 2:15 p.m., 128 views

CVE-2023-22504

Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature.

CVSS 6.5, AI score 4.7, EPSS 0.00148

cve, added 2019/12/19 1:15 a.m., 121 views

CVE-2019-15006

There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the Atlassian Companion application. The Confluence Previews plugin in Confluence Server and Confluence...

CVSS 6.5, AI score 6.2, EPSS 0.01073

cve, added 2020/07/01 2:15 a.m., 83 views

CVE-2020-4027

Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. The affected versions are before version 7.4.5, and from version 7...

CVSS 6.5, AI score 4.9, EPSS 0.00185

cve, added 2021/01/19 1:15 a.m., 78 views

CVE-2020-29450

Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. The affected versions are before version 7.2.0.

CVSS 6.5, AI score 6.4, EPSS 0.0073

cve, added 2024/11/27 5:15 p.m., 69 views

CVE-2024-21703

This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows host to read sensitive ...

CVSS 6.4, AI score 6.5, EPSS 0.0002

cve, added 2020/04/22 4:15 a.m., 66 views

CVE-2019-20102

The attachment-uploading feature in Atlassian Confluence Server from version 6.14.0 through version 6.14.3, and version 6.15.0 before version 6.15.5 allows remote attackers to achieve stored cross-site scripting (SXSS) via a malicious attachment with a modified mimeType parameter.

CVSS 6.1, AI score 6.1, EPSS 0.00407

cve, added 2019/02/13 6:29 p.m., 54 views

CVE-2018-20237

Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.

CVSS 6.5, AI score 6.3, EPSS 0.00563

cve, added 2014/05/13 2:55 p.m., 43 views

CVE-2012-6342

Cross-site request forgery (CSRF) vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote attackers to hijack the authentication of administrators for requests that log out the user via a comment.

CVSS 6.8, AI score 7.2, EPSS 0.0018

cve, added 2012/05/22 3:55 p.m., 42 views

CVE-2012-2928

The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.

CVSS 6.4, AI score 7.1, EPSS 0.0193