Confluence@* Security Vulnerabilities and Issues — Confluence@* CVE List

Lucene search

AtlassianConfluence*

4 matches found

CVE•added 2017/06/15 4:29 p.m.•59 views

CVE-2017-9505

Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confluence could receive workbox notifications, which contain the content of comments, for comments added...

4.3CVSS4.3AI score0.00311EPSS

CVE•added 2017/01/18 10:59 p.m.•53 views

CVE-2016-6283

Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action.

6.1CVSS6AI score0.02574EPSS

CVE•added 2017/12/05 4:29 p.m.•44 views

CVE-2017-16856

The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme.

6.1CVSS6.2AI score0.00203EPSS

CVE•added 2017/04/10 3:59 a.m.•36 views

CVE-2016-4317

Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page.

5.4CVSS5.3AI score0.00216EPSS