RSS   Vulnerabilities for 'Confluence'   RSS

2019-02-13
 
CVE-2018-20237

CWE-200
 

 
Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.

 
2018-07-10
 
CVE-2018-13389

CWE-20
 

 
The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml.

 
2018-02-02
 
CVE-2017-18086

CWE-79
 

 
Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter.

 
 
CVE-2017-18085

CWE-79
 

 
The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter.

 
 
CVE-2017-18084

CWE-79
 

 
The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro.

 
 
CVE-2017-18083

CWE-79
 

 
The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file.

 
2017-12-05
 
CVE-2017-16856

CWE-79
 

 
The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme.

 
2017-06-15
 
CVE-2017-9505

 

 
Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confluence could receive workbox notifications, which contain the content of comments, for comments added to a page after they started watching it even if they do not have permission to view the page itself.

 
2017-04-27
 
CVE-2017-7415

 

 
Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource.

 
2017-04-09
 
CVE-2016-4317

CWE-79
 

 
Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page.

 


Copyright 2019, cxsecurity.com

 

Back to Top