Persistent XSS through Team Calendar in Confluence Server - CVE-2020-29444

    • 5.4
    • Medium
    • CVE-2020-29444

      Affected versions of Team Calendar in Confluence Server allow attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in admin global setting parameters.

      Affected versions:

      • < 7.11.0

      Fixed version:

      • 7.11.0

      This vulnerability is attributed to Stefano Castilletti, a security researcher from Apple.

            [CONFSERVER-61266] Persistent XSS through Team Calendar in Confluence Server - CVE-2020-29444

            Mandeep Jadon made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 733522 ]
            Security Metrics Bot made changes -
            CVE ID New: CVE-2020-29444
            Igor M. made changes -
            Fix Version/s New: TC-7.0.7 [ 94708 ]
            Fix Version/s New: TC-6.1.8 [ 94794 ]
            Igor M. made changes -
            Affects Version/s New: 7.4.4 [ 92310 ]
            David Black made changes -
            Labels Original: CVE-2020-29444 advisory advisory-to-release dont-import security New: CVE-2020-29444 advisory advisory-released dont-import security
            David Black made changes -
            Security Original: Atlassian Staff [ 10750 ]
            David Black made changes -
            Resolution New: Fixed [ 1 ]
            Security New: Atlassian Staff [ 10750 ]
            Status Original: Draft [ 12872 ] New: Published [ 12873 ]
            David Black made changes -
            Security Original: Atlassian Staff [ 10750 ]
            David Black made changes -
            Labels Original: advisory advisory-to-release dont-import security New: CVE-2020-29444 advisory advisory-to-release dont-import security
            David Black made changes -
            Summary Original: Persistent XSS through Team Calendar in Confluence Server New: Persistent XSS through Team Calendar in Confluence Server - CVE-2020-29444

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot