Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
atlassian confluence vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-3395
The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 prior to 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 prior to 6.9.3 (the fixed version for 6.9.x) allows remote malicious user...
Atlassian Confluence Server
Atlassian Confluence
4
CVSSv2
CVE-2018-20237
Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.
Atlassian Confluence Server
Atlassian Confluence Data Center
5
CVSSv2
CVE-2018-18289
The MESILAT Zabbix plugin prior to 1.1.15 for Atlassian Confluence allows malicious users to read arbitrary files.
Mesilat Zabbix
4.3
CVSSv2
CVE-2018-13394
The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote malicious users to modify a comment into an answer via a Cross-site request forg...
Atlassian Questions For Confluence
4.3
CVSSv2
CVE-2018-13393
The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote malicious users to modify a comment into an answer via a Cross-site re...
Atlassian Questions For Confluence
4.3
CVSSv2
CVE-2018-13389
The attachment resource in Atlassian Confluence before version 6.6.1 allows remote malicious users to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml.
Atlassian Confluence
3.5
CVSSv2
CVE-2017-18083
The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file.
Atlassian Confluence
3.5
CVSSv2
CVE-2017-18084
The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro.
Atlassian Confluence
4.3
CVSSv2
CVE-2017-18085
The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter.
Atlassian Confluence
4.3
CVSSv2
CVE-2017-18086
Various resources in Atlassian Confluence Server before version 6.4.2 allow remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter.
Atlassian Confluence
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »