Description
The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file.
Remediation
References
Related Vulnerabilities
WordPress Plugin Captcha by BestWebSoft Security Bypass (3.8.7)
WordPress Plugin WordPress Facebook SQL Injection (1.0.8)
Sqlite CVE-2019-19603 Vulnerability (CVE-2019-19603)
Drupal Core 8.5.x Multiple Vulnerabilities (8.5.0 - 8.5.14)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-9481)