Confluence Security Vulnerabilities and Issues — Confluence CVE List

Lucene search

AtlassianConfluence

5 matches found

CVE•added 2018/02/02 2:29 p.m.•52 views

CVE-2017-18084

The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro.

4.8CVSS4.9AI score0.00139EPSS

CVE•added 2018/02/02 2:29 p.m.•48 views

CVE-2017-18085

The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter.

6.1CVSS5.9AI score0.00202EPSS

CVE•added 2018/02/02 2:29 p.m.•41 views

CVE-2017-18083

The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file.

5.4CVSS5.2AI score0.00204EPSS

CVE•added 2018/02/02 2:29 p.m.•38 views

CVE-2017-18086

Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter.

6.1CVSS5.9AI score0.00202EPSS

CVE•added 2018/07/10 1:29 p.m.•36 views

CVE-2018-13389

The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml.

4.7CVSS4.7AI score0.0017EPSS