Vulmon
atlassian confluence vulnerabilities and exploits
4.3
CVSSv2
CVE-2019-20102
The attachment-uploading feature in Atlassian Confluence Server from version 6.14.0 through version 6.14.3, and version 6.15.0 before version 6.15.5 allows remote malicious users to achieve stored cross-site scripting (SXSS) via a malicious attachment with a modified `mimeType` ...
Atlassian Confluence Server
NA
CVE-2023-22504
Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature.
Atlassian Confluence Server
6.8
CVSSv2
CVE-2012-6342
Cross-site request forgery (CSRF) vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote malicious users to hijack the authentication of administrators for requests that log out the user via a comment.
Atlassian Confluence Server 3.4.6
4.3
CVSSv2
CVE-2018-13393
The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6 (the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0) allows remote malicious users to modify a comment into an answer via a Cross-site re...
Atlassian Questions For Confluence
NA
CVE-2022-42977
The Netic User Export add-on prior to 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. During export, the HTTP request has a fileName parameter that accepts any file on the system (e.g., an SSH private key) to be ...
Atlassian Confluence Data Center
NA
CVE-2022-42978
In the Netic User Export add-on prior to 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system.
Atlassian Confluence Data Center
4.3
CVSSv2
CVE-2018-13394
The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6 (the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0) allows remote malicious users to modify a comment into an answer via a Cross-site request forg...
Atlassian Questions For Confluence
4
CVSSv2
CVE-2019-15005
The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration infor...
Atlassian Troubleshooting And Support
Atlassian Jira
Atlassian Bitbucket
Atlassian Confluence
Atlassian Crowd
Atlassian Fisheye
Atlassian Crucible
Atlassian Bamboo
4.3
CVSSv2
CVE-2005-3967
Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote malicious users to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter.
Atlassian Confluence 2.0.1 Build 321
4.3
CVSSv2
CVE-2011-4822
Multiple cross-site scripting (XSS) vulnerabilities in the user profile feature in Atlassian FishEye prior to 2.5.5 allow remote malicious users to inject arbitrary web script or HTML via (1) snippets in a user comment, which is not properly handled in a Confluence page, or (2) t...
Atlassian Fisheye 2.4.6
Atlassian Fisheye 2.0
Atlassian Fisheye 2.5.1
Atlassian Fisheye 2.1.2
Atlassian Fisheye 2.3.5
Atlassian Fisheye 2.0.1
Atlassian Fisheye 2.1.0
Atlassian Fisheye 2.4.4
Atlassian Fisheye 2.5.4
Atlassian Fisheye 2.3.7
Atlassian Fisheye 2.2.0
Atlassian Fisheye 2.3.2
Atlassian Fisheye 2.4.5
Atlassian Fisheye 2.1.4
Atlassian Fisheye 1.6.3
Atlassian Fisheye 2.1.1
Atlassian Fisheye 1.5.1
Atlassian Fisheye 1.5.3
Atlassian Fisheye 1.6.6
Atlassian Fisheye 2.0.3
Atlassian Fisheye 2.3.8
Atlassian Fisheye 2.5.0