CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2015-8398 – Atlassian Confluence 5.2/5.8.14/5.8.15 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-8398
Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check. Vulnerabilidad de XSS en Atlassian Confluence en versiones anteriores a 5.8.17 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de PATH_INFO a rest/prototype/1/session/check. Atlassian Confluence suffers from cross site scripting and insecure direct object reference vulnerabilities. The cross site scripting affects versions 5.2, 5.8.14, and 5.8.15. The reference vulnerability affects versions 5.9.1, 5.8.14, and 5.8.15. • https://www.exploit-db.com/exploits/39170 http://www.securityfocus.com/archive/1/537232/100/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 96%CPEs: 1EXPL: 1CVE-2015-8399 – Atlassian Confluence 5.2/5.8.14/5.8.15 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-8399
Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action. Atlassian Confluence en versiones anteriores a 5.8.17 permite a usuarios remotos autenticados leer archivos de configuración a través del parámetro decoratorName en (1) spaces/viewdefaultdecorator.action o (2) admin/viewdefaultdecorator.action. Atlassian Confluence suffers from cross site scripting and insecure direct object reference vulnerabilities. The cross site scripting affects versions 5.2, 5.8.14, and 5.8.15. The reference vulnerability affects versions 5.9.1, 5.8.14, and 5.8.15. • https://www.exploit-db.com/exploits/39170 http://www.securityfocus.com/archive/1/537232/100/0/threaded • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 45%CPEs: 17EXPL: 1CVE-2012-2926 – Atlassian Tempo 6.4.3 / JIRA 5.0.0 / Gliffy 3.7.0 - XML Parsing Denial of Service
https://notcve.org/view.php?id=CVE-2012-2926
Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. Atlassian JIRA antes de v5.0.1; Confluence antes de v3.5.16, v4.0 antes de v4.0.7, y v4.1 antes del v4.1.10; 'FishEye and Crucible' antes de v2.5.8, v2.6 antes de v2.6.8, y v2.7 antes de v2.7.12; Bamboo antes de v3.3.4 y v3.4.x antes de v3.4.5, y Crowd antes de v2.0.9, v2.1 antes de v2.1.2, v2.2 antes de v2.2.9, v2.3 antes de v2.3.7 y v2.4 antes de v2.4.1 no restringen correctamente las capacidades de los analizadores XML de de terceros, lo que permite leer ficheros de su elección o causar una denegación de servicio (por excesivo consumo de recursos) a atacantes remotos a través de vectores no especificados. • https://www.exploit-db.com/exploits/37218 http://confluence.atlassian.com/display/BAMBOO/Bamboo+Security+Advisory+2012-05-17 http://confluence.atlassian.com/display/CROWD/Crowd+Security+Advisory+2012-05-17 http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17 http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-05-17 http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17 http://osvdb.org/81993 http://secunia&# •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2005-3967
https://notcve.org/view.php?id=CVE-2005-3967
Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter. • http://pridels0.blogspot.com/2005/12/confluence-enterprise-wiki-xss-vuln.html http://secunia.com/advisories/17833 http://www.osvdb.org/21377 http://www.securityfocus.com/bid/15688 http://www.vupen.com/english/advisories/2005/2691 •