Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
atlassian confluence server vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2017-18085
The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter.
Atlassian Confluence
312
VMScore
CVE-2017-18084
The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro.
Atlassian Confluence
312
VMScore
CVE-2017-18083
The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file.
Atlassian Confluence
356
VMScore
CVE-2019-15005
The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration infor...
Atlassian Troubleshooting And Support
Atlassian Bamboo
Atlassian Bitbucket
Atlassian Confluence
Atlassian Crowd
Atlassian Crucible
Atlassian Fisheye
Atlassian Jira
356
VMScore
CVE-2020-24898
The Table Filter and Charts for Confluence Server app prior to 5.3.26 (for Atlassian Confluence) allows SSRF via the "Table from CSV" macro (URL parameter).
Stiltsoft Table Filter And Charts For Confluence Server
312
VMScore
CVE-2020-24897
The Table Filter and Charts for Confluence Server app prior to 5.3.25 (for Atlassian Confluence) allow remote malicious users to inject arbitrary HTML or JavaScript via cross site scripting (XSS) through the provided Markdown markup to the "Table from CSV" macro.
Stiltsoft Table Filter And Charts For Confluence Server
NA
CVE-2022-26138
The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded passw...
Atlassian Questions For Confluence 3.0.2
Atlassian Questions For Confluence 2.7.35
Atlassian Questions For Confluence 2.7.34
3 Github repositories
1 Article
614
VMScore
CVE-2021-43940
Affected versions of Atlassian Confluence Server and Data Center allow authenticated local malicious users to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence...
Atlassian Confluence Server
Atlassian Confluence Data Center
578
VMScore
CVE-2020-4020
The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure.
Atlassian Companion
534
VMScore
CVE-2019-15053
The "HTML Include and replace macro" plugin prior to 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element.
Atlassian Html Include And Replace Macro
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »