[CONFSERVER-54903] XSS in the editinword resource through the contents of an uploaded file - CVE-2017-18083 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 6.4.0
Affects Version/s: 6.2.4
Component/s: Macros - Attachments
Labels:
- advisory
- advisory-released
- bugbounty
- cvss-medium
- loyalty
- security
- sxss
- xss

Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file.

Form Name

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Affected customers:: 0 This affects my team

Watchers:: 2 Start watching this issue

Created:: 02/Feb/2018 12:10 AM

Updated:: 11/Oct/2018 8:49 AM

Resolved:: 02/Feb/2018 3:14 AM

Confluence Data Center

Details

Description

Attachments

Forms

Activity

[CONFSERVER-54903] XSS in the editinword resource through the contents of an uploaded file - CVE-2017-18083

People

Dates