-
Bug
-
Resolution: Fixed
-
Medium
-
6.4.1
-
Severity 2 - Major
-
Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter.
This is an independent assessment and you should evaluate its applicability to your own IT environment.
CVSS v3 score: 6.1 => Medium severity
Exploitability Metrics
Scope Metric
Impact Metrics
https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/RC:U