Description

Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter.

Remediation

References

CVE-2017-18086

Related Vulnerabilities

Oracle Application Server Credentials Management Errors Vulnerability (CVE-2004-1366)

Atlassian Jira Uncontrolled Search Path Element Vulnerability (CVE-2019-20400)

XWiki Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') Vulnerability (CVE-2023-37462)

phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15730)

Drupal Improper Authentication Vulnerability (CVE-2019-10911)

Severity

Medium

Classification

CVE-2017-18086 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities