Vulnerability CVE-2017-18085


Published: 2018-02-02

Description:
The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter.

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

Vendor: Atlassian
Product: Confluence 
Version:
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0
5.9.9
5.9.8
5.9.7
5.9.6
5.9.5
5.9.4
5.9.3
5.9.2
5.9.12
5.9.11
5.9.10
5.9.1
5.8.16
5.5.0
5.10.5
5.10.3
5.10.2
5.10.1
5.10.0
4.1.9
4.1.7
4.1.6
4.1.5
4.1.4
4.1.3
4.1.2
4.1
4.0.5
4.0.4
4.0.3
4.0
3.5.9
3.5.7
3.5.6
3.5.5
3.5.4
3.5.3
3.5.2
3.5.13
3.5.11
3.5.1
3.5
3.4.9
3.4.8
3.4.7
3.4.6
3.4.5
3.4.3
3.4.2
3.4.1
3.4
3.3.3
3.3.1
3.3
3.2.1
3.2
3.1.2
3.1.1
3.1
3.0.2
3.0.1
3.0
2.9.3
2.9.2
2.9.1
2.9
2.8.3
2.8.2
2.8.1
2.8
2.7.4
2.7.3
2.7.2
2.7.1
2.7
2.6.3
2.6.2
2.6.1
2.6
2.10.4
2.10.3
2.10.2
2.10.1
2.10
1.4.4
1.4.3
1.4.2
1.4.1
1.4
1.3.6
1.3.5
1.3.4
1.3.2
See more versions on NVD

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
http://www.securityfocus.com/bid/103062
https://jira.atlassian.com/browse/CONFSERVER-54905

Related CVE
CVE-2018-20238
Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability.
CVE-2018-20237
Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.
CVE-2018-20232
The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved ...
CVE-2018-13403
The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross s...
CVE-2016-10740
Various resources in Atlassian Crowd before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories by examining the responses to requests for these resources.
CVE-2018-1000423
An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credenti...
CVE-2018-1000422
An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacke...
CVE-2018-1000419
An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins.

Copyright 2019, cxsecurity.com

 

Back to Top