Description
The attachment-uploading feature in Atlassian Confluence Server from version 6.14.0 through version 6.14.3, and version 6.15.0 before version 6.15.5 allows remote attackers to achieve stored cross-site- scripting (SXSS) via a malicious attachment with a modified `mimeType` parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Fudousan Cross-Site Scripting (5.7.0)
WordPress Plugin Contest Gallery-Photo Contest for WordPress Cross-Site Request Forgery (10.4.1.1)
Sqlite Out-of-bounds Read Vulnerability (CVE-2019-9936)
WordPress Plugin WP Easy full backup Information Disclosure (1.4)
WordPress Plugin Google XML Sitemaps Cross-Site Scripting (4.0.8)