Vulnerability in Atlassian Confluence
CVE-2017-18083
The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability through the contents of an uploaded file.
EPSS: 0.002 (40.5th percentile)
Affected products
- Atlassian Confluence — versions prior to 6.4.0
References
- jira.atlassian.com/browse/CONFSERVER-54903 (x_refsource_CONFIRM)