Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
atlassian confluence vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2018-20237
Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.
Atlassian Confluence Server
Atlassian Confluence Data Center
5
CVSSv2
CVE-2018-18289
The MESILAT Zabbix plugin prior to 1.1.15 for Atlassian Confluence allows malicious users to read arbitrary files.
Mesilat Zabbix
4.3
CVSSv2
CVE-2018-13394
The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote malicious users to modify a comment into an answer via a Cross-site request forg...
Atlassian Questions For Confluence
4.3
CVSSv2
CVE-2018-13393
The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote malicious users to modify a comment into an answer via a Cross-site re...
Atlassian Questions For Confluence
4.3
CVSSv2
CVE-2018-13389
The attachment resource in Atlassian Confluence before version 6.6.1 allows remote malicious users to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml.
Atlassian Confluence
3.5
CVSSv2
CVE-2017-18083
The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file.
Atlassian Confluence
4.3
CVSSv2
CVE-2017-18085
The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter.
Atlassian Confluence
4.3
CVSSv2
CVE-2017-18086
Various resources in Atlassian Confluence Server before version 6.4.2 allow remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter.
Atlassian Confluence
3.5
CVSSv2
CVE-2017-18084
The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro.
Atlassian Confluence
5.5
CVSSv2
CVE-2017-9513
Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated malicious users to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do ...
Atlassian Activity Streams
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »