Confluence Server / CONFSERVER-54903

XSS in the editinword resource through the contents of an uploaded file - CVE-2017-18083

    Details

    • Symptom Severity:
      Severity 2 - Major
    • QA Demo Status:
      Not Done
    • QA Kickoff Status:
      Not Done

      Description

      The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability through the contents of an uploaded file.

            People

            • Assignee:
              Unassigned
              Reporter:
              security-metrics-bot SecurityB
              Participants:
              Last Touched By:
              Owen Sanico
            • Votes:
              0
              Watchers:
              2

              Dates

              • Due:
                Created:
                Updated:
                Resolved:
                Last commented:
                36 weeks, 6 days ago