Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
atlassian confluence server vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2012-2926
Atlassian JIRA prior to 5.0.1; Confluence prior to 3.5.16, 4.0 prior to 4.0.7, and 4.1 prior to 4.1.10; FishEye and Crucible prior to 2.5.8, 2.6 prior to 2.6.8, and 2.7 prior to 2.7.12; Bamboo prior to 3.3.4 and 3.4.x prior to 3.4.5; and Crowd prior to 2.0.9, 2.1 prior to 2.1.2, ...
Atlassian Bamboo
Atlassian Confluence
Atlassian Confluence Server
Atlassian Crowd
Atlassian Crucible
Atlassian Fisheye
Atlassian Jira
1 EDB exploit
6
CVSSv2
CVE-2019-15053
The "HTML Include and replace macro" plugin prior to 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element.
Atlassian Html Include And Replace Macro
1 Github repository
5.8
CVSSv2
CVE-2019-15006
There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the Atlassian Companion application. The Confluence Previews plugin in Confluence Se...
Atlassian Confluence
Atlassian Confluence Server
1 Article
5
CVSSv2
CVE-2021-26085
Affected versions of Atlassian Confluence Server allow remote malicious users to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 prior to 7.12.3.
Atlassian Confluence Server
Atlassian Confluence Data Center
4 Github repositories
5
CVSSv2
CVE-2020-29448
The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 prior to 7.4.6, and from 7.5.0 prior to 7.8.3 allowed unauthenticated remote malicious users to read arbitrary files within WEB-INF and META-INF dir...
Atlassian Confluence Server
Atlassian Confluence Data Center
5
CVSSv2
CVE-2017-7415
Atlassian Confluence 6.x prior to 6.0.7 allows remote malicious users to bypass authentication and read any blog or page via the drafts diff REST resource.
Atlassian Confluence Server 6.0.1
Atlassian Confluence Server 6.0.3
Atlassian Confluence Server 6.0.4
Atlassian Confluence Server 6.0.5
Atlassian Confluence Server 6.0.6
Atlassian Confluence Server 6.0.2
Atlassian Confluence Server 6.0.0
5
CVSSv2
CVE-2016-6668
The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 prior to 6.27.5, 6.28.0 prior to 7.3.7, and 7.4.0 prior to 7.8.17; Confluence HipChat plugin 6.26.0 prior to 7.8.17; and HipChat for JIRA plugin 6.26.0 prior to 7.8.17 allows remote malicious users to obtain the...
Atlassian Confluence Server 5.5.0
Atlassian Confluence Server 5.9.6
Atlassian Confluence Server 5.9.5
Atlassian Confluence Server 5.9.8
Atlassian Confluence Server 5.9.7
Atlassian Confluence Server 5.9.2
Atlassian Confluence Server 5.9.1
Atlassian Confluence Server 5.9.4
Atlassian Confluence Server 5.9.3
Atlassian Confluence Server 5.10.1
Atlassian Confluence Server 5.9.10
Atlassian Confluence Server 5.9.11
Atlassian Confluence Server 5.9.12
Atlassian Confluence Server 5.10.0
Atlassian Confluence Server 5.10.2
Atlassian Confluence Server 5.9.9
Atlassian Confluence Server 5.10.3
Atlassian Jira Integration For Hipchat 7.4.1
Atlassian Jira Integration For Hipchat 7.3.3
Atlassian Jira Integration For Hipchat 6.26.0
Atlassian Jira Integration For Hipchat 7.1.0
Atlassian Jira Integration For Hipchat 6.26.10
4.3
CVSSv2
CVE-2019-20102
The attachment-uploading feature in Atlassian Confluence Server from version 6.14.0 through version 6.14.3, and version 6.15.0 before version 6.15.5 allows remote malicious users to achieve stored cross-site- scripting (SXSS) via a malicious attachment with a modified `mimeType` ...
Atlassian Confluence Server
4.3
CVSSv2
CVE-2017-18086
Various resources in Atlassian Confluence Server before version 6.4.2 allow remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter.
Atlassian Confluence
4.3
CVSSv2
CVE-2017-18085
The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter.
Atlassian Confluence
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »