
CVE-2017-18084
https://notcve.org/view.php?id=CVE-2017-18084
02 Feb 2018 — The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro. • http://www.securityfocus.com/bid/103064 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-18085
https://notcve.org/view.php?id=CVE-2017-18085
02 Feb 2018 — The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter. • http://www.securityfocus.com/bid/103062 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-18086
https://notcve.org/view.php?id=CVE-2017-18086
02 Feb 2018 — Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter. • http://www.securityfocus.com/bid/103061 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-16856
https://notcve.org/view.php?id=CVE-2017-16856
05 Dec 2017 — The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme. • http://www.securityfocus.com/bid/102094 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-9505
https://notcve.org/view.php?id=CVE-2017-9505
15 Jun 2017 — Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confluence could receive workbox notifications, which contain the content of comments, for comments added to a page after they started watching it even if they do not have permission to view the page itself. • http://www.securityfocus.com/bid/99086 • CWE-276: Incorrect Default Permissions

CVE-2016-4317
https://notcve.org/view.php?id=CVE-2016-4317
10 Apr 2017 — Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page. • http://www.securityfocus.com/bid/97513 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2016-6283 – Atlassian Confluence < 5.10.6 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-6283
04 Jan 2017 — Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action. • https://packetstorm.news/files/id/140363 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-8399 – Atlassian Confluence 5.2/5.8.14/5.8.15 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-8399
04 Jan 2016 — Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action. Atlassian Confluence suffers from cross site scripting... • https://packetstorm.news/files/id/135130 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2015-8398 – Atlassian Confluence 5.2/5.8.14/5.8.15 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-8398
04 Jan 2016 — Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check. Atlassian Confluence suffers from cross site scripting and insecure direct object reference vulnera... • https://packetstorm.news/files/id/135130 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-2926 – Atlassian Tempo 6.4.3 / JIRA 5.0.0 / Gliffy 3.7.0 - XML Parsing Denial of Service
https://notcve.org/view.php?id=CVE-2012-2926
22 May 2012 — Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vecto... • https://packetstorm.news/files/id/181107