confluence vulnerabilities and exploits
6.1
CVSSv3
CVE-2019-13127
An issue exists in mxGraph up to and including 4.0.0, related to the "draw.io Diagrams" plugin prior to 8.3.14 for Confluence and other products. Improper input validation/sanitization of a color field leads to XSS. This is associated with javascript/examples/graphedito...
Draw Draw.io Diagrams
Jgraph Mxgraph
NA
CVE-2014-8658
Cross-site scripting (XSS) vulnerability in RefinedWiki Original Theme 3.x prior to 3.5.13 and 4.x prior to 4.0.12 for Confluence allows remote authenticated users with permissions to create or edit content to inject arbitrary web script or HTML via the versionComment parameter t...
Refinedwiki Refinedwiki Original Theme 3.5.11
Refinedwiki Refinedwiki Original Theme 3.5.10
Refinedwiki Refinedwiki Original Theme 3.5.3
Refinedwiki Refinedwiki Original Theme 3.5.2
Refinedwiki Refinedwiki Original Theme 4.0.6
Refinedwiki Refinedwiki Original Theme 4.0.5
Refinedwiki Refinedwiki Original Theme 3.5.7
Refinedwiki Refinedwiki Original Theme 3.5.6
Refinedwiki Refinedwiki Original Theme 4.0.11
Refinedwiki Refinedwiki Original Theme 4.0.10
Refinedwiki Refinedwiki Original Theme 4.0.9
Refinedwiki Refinedwiki Original Theme 4.0.2
Refinedwiki Refinedwiki Original Theme 4.0.1
Refinedwiki Refinedwiki Original Theme 3.5.13
Refinedwiki Refinedwiki Original Theme 3.5.12
Refinedwiki Refinedwiki Original Theme 3.5.5
Refinedwiki Refinedwiki Original Theme 3.5.4
Refinedwiki Refinedwiki Original Theme 4.0.8
Refinedwiki Refinedwiki Original Theme 4.0.7
Refinedwiki Refinedwiki Original Theme 4.0
Refinedwiki Refinedwiki Original Theme 3.5.9
Refinedwiki Refinedwiki Original Theme 3.5.8
NA
CVE-2012-2928
The Gliffy plugin prior to 3.7.1 for Atlassian JIRA, and prior to 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote malicious users to read arbitrary files or cause a denial of service (resource consumption) ...
Atlassian Jira
Gliffy Gliffy 2.1.1
Gliffy Gliffy 3.0.0
Gliffy Gliffy 2.0.1
Gliffy Gliffy 2.1.0
Gliffy Gliffy 3.1.2
Gliffy Gliffy 3.0.1
Gliffy Gliffy 2.2.2
Gliffy Gliffy 2.2.1
Gliffy Gliffy 3.1.1
Gliffy Gliffy 3.0.5
Gliffy Gliffy 3.1.4
Gliffy Gliffy 3.5
Gliffy Gliffy 2.2.0
Gliffy Gliffy 3.0.2
Gliffy Gliffy 3.0.4
Gliffy Gliffy 3.5.2
Gliffy Gliffy 3.6
Gliffy Gliffy 2.1.2
Gliffy Gliffy 3.0.3
Gliffy Gliffy
Gliffy Gliffy 2.0.0
NA
CVE-2011-4822
Multiple cross-site scripting (XSS) vulnerabilities in the user profile feature in Atlassian FishEye prior to 2.5.5 allow remote malicious users to inject arbitrary web script or HTML via (1) snippets in a user comment, which is not properly handled in a Confluence page, or (2) t...
Atlassian Fisheye 2.4.5
Atlassian Fisheye 2.4.4
Atlassian Fisheye 2.3.6
Atlassian Fisheye 2.3.5
Atlassian Fisheye 2.2.0
Atlassian Fisheye 2.1.4
Atlassian Fisheye 2.0.4
Atlassian Fisheye 2.0.3
Atlassian Fisheye 1.6.6
Atlassian Fisheye 1.6.5.a
Atlassian Fisheye 1.5.2
Atlassian Fisheye 1.5.1
Atlassian Fisheye 2.5.0
Atlassian Fisheye 2.4.6
Atlassian Fisheye 2.3.8
Atlassian Fisheye 2.3.7
Atlassian Fisheye 2.2.3
Atlassian Fisheye 2.2.1
Atlassian Fisheye 2.0.6
Atlassian Fisheye 2.0.5
Atlassian Fisheye 2.0
Atlassian Fisheye 1.5.4
5.4
CVSSv3
CVE-2017-9513
Several REST inline action resources of Atlassian Activity Streams before version 6.3.0 allow remote authenticated malicious users to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do ...
Atlassian Activity Streams
9.8
CVSSv3
CVE-2021-37843
The resolution SAML SSO apps for Atlassian products allow a remote malicious user to login to a user account when only the username is known (i.e., no other authentication is provided). The fixed versions are for Jira: 3.6.6.1, 4.0.12, 5.0.5; for Confluence 3.6.6, 4.0.12, 5.0.5; ...
Atlassian Saml Single Sign On
6.1
CVSSv3
CVE-2022-1231
XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml before 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in d...
Plantuml Plantuml
Fedoraproject Fedora 35
Fedoraproject Fedora 36
6.1
CVSSv3
CVE-2023-52240
The Kantega SAML SSO OIDC Kerberos Single Sign-on apps prior to 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. This affects 4.4.2 up to and including 4.14.8 prior to 4.14.9, 5.0.0 up to and including 5.11.4 prior to 5.11.5, and 6.0.0 up to and including ...
Kantega-sso Kantega Saml Sso Oidc Kerberos Single Sign-on
7.5
CVSSv3
CVE-2018-8012
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper prior to 3.4.10, and 3.5.0-alpha up to and including 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the lead...
Apache Zookeeper 3.5.3
Apache Zookeeper 3.5.0
Apache Zookeeper
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Oracle Goldengate Stream Analytics