confluence vulnerabilities and exploits
6.8
CVSSv3
CVE-2019-15053
The "HTML Include and replace macro" plugin prior to 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element.
Atlassian Html Include And Replace Macro
1 Github repository
7.1
CVSSv3
CVE-2023-50932
An issue exists in savignano S/Notify prior to 4.0.2 for Confluence. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or...
Savignano S/notify
7.5
CVSSv3
CVE-2019-13347
An issue exists in the SAML Single Sign On (SSO) plugin for several Atlassian products affecting versions 3.1.0 up to and including 3.2.2 for Jira and Confluence, versions 2.4.0 up to and including 3.0.3 for Bitbucket, and versions 2.4.0 up to and including 2.5.2 for Bamboo. It a...
Atlassian Saml Single Sign On
5.4
CVSSv3
CVE-2023-33287
A stored cross-site scripting (XSS) vulnerability in the Inline Table Editing application prior to 3.8.0 for Confluence allows malicious users to store and execute arbitrary JavaScript via a crafted payload injected into the tables.
Actonic Inline Table Editing
NA
CVE-2024-21678
This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated malicious user to execute arbitrary HTML or JavaScript code on a victim's browser which has high ...
NA
CVE-2024-23735
Cross Site Scripting (XSS) vulnerability in the S/MIME certificate upload functionality of the User Profile pages in savignano S/Notify prior to 4.0.0 for Confluence allows malicious users to manipulate user data via specially crafted certificate.
7.2
CVSSv3
CVE-2020-4020
The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, to execute arbitrary .exe files via a Protection Mechanism Failure.
Atlassian Companion
7.5
CVSSv3
CVE-2020-35122
An issue exists in the Keysight Database Connector plugin prior to 1.5.0 for Confluence. A malicious user could bypass the access controls for using a saved database connection profile to submit arbitrary SQL against a saved database connection.
Keysight Keysight Database Connector
8.8
CVSSv3
CVE-2020-35121
An issue exists in the Keysight Database Connector plugin prior to 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the macro.
Keysight Database Connector
5.4
CVSSv3
CVE-2023-36662
The TechTime User Management components for Atlassian products allow stored XSS on the Bulk User Actions page. This affects User Management for Jira 2.0.0 up to and including 2.17.1, User Management for Confluence 2.0.0 up to and including 2.15.24, and User Management for Bitbuck...
Techtime User Management