Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
atlassian confluence vulnerabilities and exploits
(subscribe to this query)
4.7
CVSSv3
CVE-2018-13389
The attachment resource in Atlassian Confluence before version 6.6.1 allows remote malicious users to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml.
Atlassian Confluence
5.4
CVSSv3
CVE-2016-4317
Atlassian Confluence Server prior to 5.9.11 has XSS on the viewmyprofile.action page.
Atlassian Confluence
6.1
CVSSv3
CVE-2015-8398
Cross-site scripting (XSS) vulnerability in Atlassian Confluence prior to 5.8.17 allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check.
Atlassian Confluence
1 EDB exploit
4.3
CVSSv3
CVE-2015-8399
Atlassian Confluence prior to 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.
Atlassian Confluence
1 EDB exploit
4.3
CVSSv3
CVE-2017-9505
Atlassian Confluence starting with 4.3.0 prior to 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confluence could receive workbox notifications, which contain the content of comment...
Atlassian Confluence
6.1
CVSSv3
CVE-2017-16856
The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote malicious users to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme.
Atlassian Confluence
6.1
CVSSv3
CVE-2016-6283
Cross-site scripting (XSS) vulnerability in Atlassian Confluence prior to 5.10.6 allows remote malicious users to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action.
Atlassian Confluence
1 EDB exploit
6.1
CVSSv3
CVE-2019-20102
The attachment-uploading feature in Atlassian Confluence Server from version 6.14.0 through version 6.14.3, and version 6.15.0 before version 6.15.5 allows remote malicious users to achieve stored cross-site- scripting (SXSS) via a malicious attachment with a modified `mimeType` ...
Atlassian Confluence Server
4.3
CVSSv3
CVE-2020-29445
Affected versions of Confluence Server prior to 7.4.8, and versions from 7.5.0 prior to 7.11.0 allow malicious users to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters.
Atlassian Confluence Server
NA
CVE-2005-3967
Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote malicious users to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter.
Atlassian Confluence 2.0.1 Build 321
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »