Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
atlassian confluence vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2020-24897
The Table Filter and Charts for Confluence Server app prior to 5.3.25 (for Atlassian Confluence) allow remote malicious users to inject arbitrary HTML or JavaScript via cross site scripting (XSS) through the provided Markdown markup to the "Table from CSV" macro.
Stiltsoft Table Filter And Charts For Confluence Server
6.5
CVSSv2
CVE-2020-4020
The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure.
Atlassian Companion
5.5
CVSSv2
CVE-2017-9513
Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated malicious users to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do ...
Atlassian Activity Streams
6
CVSSv2
CVE-2019-13347
An issue exists in the SAML Single Sign On (SSO) plugin for several Atlassian products affecting versions 3.1.0 up to and including 3.2.2 for Jira and Confluence, versions 2.4.0 up to and including 3.0.3 for Bitbucket, and versions 2.4.0 up to and including 2.5.2 for Bamboo. It a...
Atlassian Saml Single Sign On
6
CVSSv2
CVE-2019-15053
The "HTML Include and replace macro" plugin prior to 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element.
Atlassian Html Include And Replace Macro
1 Github repository
7.5
CVSSv2
CVE-2021-37843
The resolution SAML SSO apps for Atlassian products allow a remote malicious user to login to a user account when only the username is known (i.e., no other authentication is provided). The fixed versions are for Jira: 3.6.6.1, 4.0.12, 5.0.5; for Confluence 3.6.6, 4.0.12, 5.0.5; ...
Atlassian Saml Single Sign On
6.8
CVSSv2
CVE-2016-10750
In Hazelcast prior to 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrar...
Hazelcast Hazelcast
1 Article
6.4
CVSSv2
CVE-2012-2928
The Gliffy plugin prior to 3.7.1 for Atlassian JIRA, and prior to 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote malicious users to read arbitrary files or cause a denial of service (resource consumption) ...
Atlassian Jira
Gliffy Gliffy 2.1.1
Gliffy Gliffy 3.0.0
Gliffy Gliffy 2.0.1
Gliffy Gliffy 2.1.0
Gliffy Gliffy 3.1.2
Gliffy Gliffy 3.0.1
Gliffy Gliffy 2.2.2
Gliffy Gliffy 2.2.1
Gliffy Gliffy 3.1.1
Gliffy Gliffy 3.0.5
Gliffy Gliffy 3.1.4
Gliffy Gliffy 3.5
Gliffy Gliffy 2.2.0
Gliffy Gliffy 3.0.2
Gliffy Gliffy 3.0.4
Gliffy Gliffy 3.5.2
Gliffy Gliffy 3.6
Gliffy Gliffy 2.1.2
Gliffy Gliffy 3.0.3
Gliffy Gliffy
Gliffy Gliffy 2.0.0
5
CVSSv2
CVE-2018-18289
The MESILAT Zabbix plugin prior to 1.1.15 for Atlassian Confluence allows malicious users to read arbitrary files.
Mesilat Zabbix
NA
CVE-2024-21677
This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated malicious user to exploit an undefinable vulnerability which has high impact to confi...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
NEXT »