Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-36290)

Description

The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the page excerpt functionality.

Remediation

References

Related Vulnerabilities

Caddy Web Server Out-of-bounds Read Vulnerability (CVE-2022-34037)

WordPress Plugin Authorize.net Payment Gateway For WooCommerce Security Bypass (2.0)

WordPress Plugin Elementor Pro Arbitrary File Upload (2.9.3)

WordPress Plugin WP Discourse Unspecified Vulnerability (0.9.7)

Jboss EAP Improper Input Validation Vulnerability (CVE-2011-4575)

Severity

Medium

Classification

CVE-2020-36290 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities