Published: 18/01/2017 Updated: 20/01/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in Atlassian Confluence prior to 5.10.6 allows remote malicious users to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action.

Vulnerable Product	Search on Vulmon	Subscribe to Product
atlassian confluence

=====[ Tempest Security Intelligence - ADV-3/2016 CVE-2016-6283 ]============== Persisted Cross-Site Scripting (XSS) in Confluence Jira Software ---------------------------------------------------------------- Author(s): - Jodson Santos - jodsonsantos@tempestcombr Tempest Security Intelligence - Recife, Pernambuco - Br ...

Tempest Security Intelligence Advisory ADV-3/2016 - Atlassian Confluence version 5912 is vulnerable to persistent cross site scripting because it fails to securely validate user controlled data, thus making it possible for an attacker to supply crafted input in order to harm users The bug occurs at pages carrying attached files, even though the ...

CWE-79 https://www.exploit-db.com/exploits/40989/http://www.securityfocus.com/bid/95288 http://seclists.org/fulldisclosure/2017/Jan/3 http://seclists.org/fulldisclosure/2017/Jan/12 http://packetstormsecurity.com/files/140363/Atlassian-Confluence-5.9.12-Cross-Site-Scripting.html https://nvd.nist.gov https://www.exploit-db.com/exploits/40989/

CVE-2016-6283

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect