Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
confluence vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-6342
Cross-site request forgery (CSRF) vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote malicious users to hijack the authentication of administrators for requests that logout the user via a comment.
Atlassian Confluence Server 3.4.6
7.5
CVSSv3
CVE-2022-42977
The Netic User Export add-on prior to 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. During export, the HTTP request has a fileName parameter that accepts any file on the system (e.g., an SSH private key) to be ...
Atlassian Confluence Data Center
7.5
CVSSv3
CVE-2022-42978
In the Netic User Export add-on prior to 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system.
Atlassian Confluence Data Center
6.5
CVSSv3
CVE-2018-13393
The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote malicious users to modify a comment into an answer via a Cross-site re...
Atlassian Questions For Confluence
6.5
CVSSv3
CVE-2018-13394
The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote malicious users to modify a comment into an answer via a Cross-site request forg...
Atlassian Questions For Confluence
8.8
CVSSv3
CVE-2022-26137
A vulnerability in multiple Atlassian products allows a remote, unauthenticated malicious user to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with t...
Atlassian Confluence Data Center 7.18.0
Atlassian Confluence Data Center
Atlassian Confluence Server 7.18.0
Atlassian Confluence Server
Atlassian Jira Service Management
Atlassian Jira Data Center
Atlassian Jira Server
Atlassian Crucible
Atlassian Fisheye
Atlassian Crowd 5.0.0
Atlassian Crowd
Atlassian Bitbucket 8.1.0
Atlassian Bitbucket 8.0.0
Atlassian Bitbucket
Atlassian Bamboo
Atlassian Jira Service Desk
1 Article
9.8
CVSSv3
CVE-2022-26136
A vulnerability in multiple Atlassian products allows a remote, unauthenticated malicious user to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in au...
Atlassian Confluence Data Center 7.18.0
Atlassian Confluence Data Center
Atlassian Confluence Server 7.18.0
Atlassian Confluence Server
Atlassian Jira Service Management
Atlassian Jira Data Center
Atlassian Jira Server
Atlassian Crucible
Atlassian Fisheye
Atlassian Crowd 5.0.0
Atlassian Crowd
Atlassian Bitbucket 8.1.0
Atlassian Bitbucket 8.0.0
Atlassian Bitbucket
Atlassian Bamboo
Atlassian Jira Service Desk
1 Article
NA
CVE-2005-3967
Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote malicious users to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter.
Atlassian Confluence 2.0.1 Build 321
5.4
CVSSv3
CVE-2022-44724
The Handy Tip macro in Stiltsoft Handy Macros for Confluence Server/Data Center 3.x prior to 3.5.5 allows remote malicious users to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability.
Stiltsoft Handy Macros For Confluence
5.4
CVSSv3
CVE-2018-20239
Application Links before version 5.0.11, from version 5.1.0 prior to 5.2.10, from version 5.3.0 prior to 5.3.6, from version 5.4.0 prior to 5.4.12, and from version 6.0.0 prior to 6.0.4 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scriptin...
Atlassian Application Links
Atlassian Fisheye
Atlassian Crucible
Atlassian Jira Server
Atlassian Jira Data Center
Atlassian Confluence Data Center
Atlassian Confluence Server
Atlassian Crowd
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »