11 matches found
CVE-2019-20406
CVE-2019-20406 affects Atlassian Confluence on Windows. The vulnerability is a DLL hijacking flaw in which local attackers with permission to write a DLL in a directory on the global PATH can inject code and escalate privileges. Affected versions are Confluence on Windows before 7.0.5, and from 7...
CVE-2019-15005
The CVE-2019-15005 vulnerability concerns the Atlassian Troubleshooting and Support Tools (ATST) plugin prior to version 1.17.2, which is bundled with multiple Atlassian products. An unprivileged user can initiate periodic log scans and have the results emailed to a user-specified address due to ...
CVE-2020-4027
Atlassian Confluence Server/Data Center is affected by CVE-2020-4027 due to an injection vulnerability in custom user macros that allows remote attackers with system administration permissions to bypass velocity template injection mitigations. Affected versions are before 7.4.5 and 7.5.0 before 7...
CVE-2019-3395
CVE-2019-3395 affects Atlassian Confluence Server and Data Center via an SSRF vulnerability in the WebDAV endpoint. The issue allows remote attackers to send arbitrary HTTP/WebDAV requests from the Confluence server due to a Server-Side Request Forgery flaw. Affected versions are: before 6.6.7 (f...
CVE-2012-2926
CVE-2012-2926 covers multiple Atlassian products (JIRA <5.0.1; Confluence pre-3.5.16, 4.0.x <4.0.7, 4.1.x <4.1.10; FishEye/Crucible, Bamboo <3.3.4/3.4.x; Crowd <2.0.9, <2.1.2, <2.2.9, <2.3.7,
CVE-2017-18084
CVE-2017-18084 affects Atlassian Confluence Server
CVE-2017-18085
CVE-2017-18085 affects Atlassian Confluence Server prior to version 6.6.1, with a reflected XSS in the viewdefaultdecorator resource via the key parameter. Proof-of-impact details: arbitrary HTML/JavaScript can be injected. Affected products and versions are supported by multiple connected source...
CVE-2017-18083
CVE-2017-18083 affects Atlassian Confluence Server before 6.4.0, where the editinword resource is vulnerable to cross-site scripting (XSS) via the contents of an uploaded file. The issue enables an attacker to inject arbitrary HTML/JavaScript through the uploaded file contents, as described in mu...
CVE-2017-16856
CVE-2017-16856 affects Atlassian Confluence via the RSS Feed macro. The issue is a cross-site scripting (XSS) flaw in various RSS properties used as links without restricting their URL scheme, allowing remote injection of HTML/JavaScript. Affected product/version details in provided documents poi...
CVE-2018-13389
CVE-2018-13389 affects Atlassian Confluence versions before 6.6.1. The vulnerability allows remote attackers to spoof web content in Mozilla Firefox by serving attachments with a content-type of application/rdf+xml, enabling content spoofing via the attachment resource. The Nessus entry and vendo...
CVE-2017-18086
CVE-2017-18086 affects Atlassian Confluence Server prior to 6.4.2, where the issuesURL parameter can be exploited to inject arbitrary HTML/JavaScript via a reflected XSS vulnerability. Public sources (NVD/Nessus/CNVD) describe the issue as a reflected XSS in multiple resources using the issuesURL...