Loading...

XML

Word

Printable

Details

Type: Public Security Vulnerability
Resolution: Fixed
Priority: Low
Fix Version/s: TC-6.1.8, TC-7.0.7, 7.11.0
Affects Version/s: 7.4.4, 7.9.0
Component/s: None
Labels:

CVSS Score:
5.4
CVSS Severity:
Medium
CVE ID:
CVE-2020-29444

Description

Affected versions of Team Calendar in Confluence Server allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting vulnerability in admin global setting parameters.

Affected versions:

< 7.11.0

Fixed version:

7.11.0

This vulnerability is attributed to Stefano Castilletti, a security researcher from Apple.

Attachments

Issue Links

mentioned in: Page Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 22/Feb/2021 4:54 AM

Updated:: 21/Feb/2023 3:40 PM

Resolved:: 07/May/2021 6:01 AM