Description

The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml.

Remediation

References

CVE-2018-13389

Related Vulnerabilities

WordPress Plugin Paid Memberships Pro-Content Restriction, User Registration, & Paid Subscriptions SQL Injection (2.9.11)

WordPress Plugin YITH WooCommerce Gift Cards Security Bypass (1.3.7)

Liferay Portal Improper Restriction of XML External Entity Reference Vulnerability (CVE-2024-25606)

WebLogic Uncontrolled Resource Consumption Vulnerability (CVE-2025-30753)

OpenSSL Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-1473)

Severity

Medium

Classification

CVE-2018-13389 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities