Uploaded image for project: 'Confluence Server'
  1. Confluence Server
  2. CONFSERVER-54907

XSS in various resources in the issuesURL parameter - CVE-2017-18086

    Details

    • Symptom Severity:
      Major
    • QA Demo Status:
      Not Done
    • QA Kickoff Status:
      Not Done

      Description

      Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              security-metrics-bot Security Metrics Bot
              Participants:
              Last Touched By:
              David Black
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Due:
                Created:
                Updated:
                Resolved:
                Last commented:
                15 weeks, 4 days ago