Description

The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml.

Remediation

References

CVE-2018-13389

Related Vulnerabilities

Joomla Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2018-11325)

WordPress Plugin Bold Page Builder Security Bypass (2.3.1)

WordPress Plugin Coming Soon Possible Remote Code Execution (1.1.3)

WordPress Plugin Real-Time Find and Replace Cross-Site Request Forgery (3.9)

WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Multiple Vulnerabilities (1.17.1)

Severity

Medium

Classification

CVE-2018-13389 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities