Lucene search
K

11 matches found

CVE
CVE
added 2020/02/06 3:10 a.m.131 views

CVE-2019-20406

CVE-2019-20406 affects Atlassian Confluence on Windows. The vulnerability is a DLL hijacking flaw in which local attackers with permission to write a DLL in a directory on the global PATH can inject code and escalate privileges. Affected versions are Confluence on Windows before 7.0.5, and from 7...

7.8CVSS7.5AI score0.0048EPSS
CVE
CVE
added 2019/11/08 3:55 a.m.105 views

CVE-2019-15005

The CVE-2019-15005 vulnerability concerns the Atlassian Troubleshooting and Support Tools (ATST) plugin prior to version 1.17.2, which is bundled with multiple Atlassian products. An unprivileged user can initiate periodic log scans and have the results emailed to a user-specified address due to ...

4.3CVSS4.3AI score0.01334EPSS
CVE
CVE
added 2020/07/01 1:35 a.m.101 views

CVE-2020-4027

Atlassian Confluence Server/Data Center is affected by CVE-2020-4027 due to an injection vulnerability in custom user macros that allows remote attackers with system administration permissions to bypass velocity template injection mitigations. Affected versions are before 7.4.5 and 7.5.0 before 7...

6.5CVSS4.9AI score0.01515EPSS
CVE
CVE
added 2019/03/25 6:37 p.m.94 views

CVE-2019-3395

CVE-2019-3395 affects Atlassian Confluence Server and Data Center via an SSRF vulnerability in the WebDAV endpoint. The issue allows remote attackers to send arbitrary HTTP/WebDAV requests from the Confluence server due to a Server-Side Request Forgery flaw. Affected versions are: before 6.6.7 (f...

9.8CVSS9.3AI score0.06712EPSS
CVE
CVE
added 2012/05/22 3:0 p.m.79 views

CVE-2012-2926

CVE-2012-2926 covers multiple Atlassian products (JIRA <5.0.1; Confluence pre-3.5.16, 4.0.x <4.0.7, 4.1.x <4.1.10; FishEye/Crucible, Bamboo <3.3.4/3.4.x; Crowd <2.0.9, <2.1.2, <2.2.9, <2.3.7,

9.1CVSS9AI score0.66578EPSS
CVE
CVE
added 2018/02/02 2:0 p.m.69 views

CVE-2017-18084

CVE-2017-18084 affects Atlassian Confluence Server

4.8CVSS4.9AI score0.00612EPSS
CVE
CVE
added 2018/02/02 2:0 p.m.65 views

CVE-2017-18085

CVE-2017-18085 affects Atlassian Confluence Server prior to version 6.6.1, with a reflected XSS in the viewdefaultdecorator resource via the key parameter. Proof-of-impact details: arbitrary HTML/JavaScript can be injected. Affected products and versions are supported by multiple connected source...

6.1CVSS5.9AI score0.00825EPSS
CVE
CVE
added 2018/02/02 2:0 p.m.58 views

CVE-2017-18083

CVE-2017-18083 affects Atlassian Confluence Server before 6.4.0, where the editinword resource is vulnerable to cross-site scripting (XSS) via the contents of an uploaded file. The issue enables an attacker to inject arbitrary HTML/JavaScript through the uploaded file contents, as described in mu...

5.4CVSS5.2AI score0.00591EPSS
CVE
CVE
added 2017/12/05 4:0 p.m.56 views

CVE-2017-16856

CVE-2017-16856 affects Atlassian Confluence via the RSS Feed macro. The issue is a cross-site scripting (XSS) flaw in various RSS properties used as links without restricting their URL scheme, allowing remote injection of HTML/JavaScript. Affected product/version details in provided documents poi...

6.1CVSS6.2AI score0.00809EPSS
CVE
CVE
added 2018/07/10 1:0 p.m.53 views

CVE-2018-13389

CVE-2018-13389 affects Atlassian Confluence versions before 6.6.1. The vulnerability allows remote attackers to spoof web content in Mozilla Firefox by serving attachments with a content-type of application/rdf+xml, enabling content spoofing via the attachment resource. The Nessus entry and vendo...

4.7CVSS4.7AI score0.00998EPSS
CVE
CVE
added 2018/02/02 2:0 p.m.52 views

CVE-2017-18086

CVE-2017-18086 affects Atlassian Confluence Server prior to 6.4.2, where the issuesURL parameter can be exploited to inject arbitrary HTML/JavaScript via a reflected XSS vulnerability. Public sources (NVD/Nessus/CNVD) describe the issue as a reflected XSS in multiple resources using the issuesURL...

6.1CVSS5.9AI score0.00825EPSS