Atlassian Confluence
12 CVEs affecting Atlassian Confluence. Latest disclosed: 2019-04-18. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2012-2926 | Critical | 9.1 | 2012-05-22 | Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 be… |
| CVE-2017-16856 | Medium | 6.1 | 2017-12-05 | The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) v… |
| CVE-2016-6283 | Medium | 6.1 | 2017-01-18 | Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileNa… |
| CVE-2015-8398 | Medium | 6.1 | 2016-04-11 | Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO… |
| CVE-2016-4317 | Medium | 5.4 | 2017-04-10 | Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page. |
| CVE-2017-9505 | Medium | 4.3 | 2017-06-15 | Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comm… |
| CVE-2015-8399 | Medium | 4.3 | 2016-04-11 | Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecor… |
| CVE-2019-3398 | | | 2019-04-18 | Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attach… |
| CVE-2018-13389 | | | 2018-07-10 | The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attach… |
| CVE-2017-18085 | | | 2018-02-02 | The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cros… |
| CVE-2017-18084 | | | 2018-02-02 | The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scr… |
| CVE-2017-18083 | | | 2018-02-02 | The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scr… |