Vulnerability in Atlassian Confluence
CVE-2017-18085
The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the key parameter.
EPSS: 0.002 (40.4th percentile)
Affected products
- Atlassian Confluence — versions prior to 6.6.1
References
- 103062 (vdb-entry, x_refsource_BID)
- jira.atlassian.com/browse/CONFSERVER-54905 (x_refsource_CONFIRM)