Description

The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro.

Remediation

References

CVE-2017-18084

Related Vulnerabilities

WordPress Plugin Media from FTP Cross-Site Scripting (9.89)

Drupal Core 8.x.x Directory Traversal (8.0.0 - 8.5.15)

WordPress Plugin HTML5 Video Player with Playlist Multiple Cross-Site Scripting Vulnerabilities (2.40)

Jenkins Improper Input Validation Vulnerability (CVE-2012-6072)

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.11)

Severity

Medium

Classification

CVE-2017-18084 CWE-707 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities