Loading...

XML

Word

Printable

Details

Type: Public Security Vulnerability
Resolution: Fixed
Priority: Low
Fix Version/s: 6.13.20, 7.4.8, 7.8.0
Affects Version/s: 7.4.0, 7.4.7
Component/s: Content - Blueprints / Templates
Labels:

Symptom Severity:
Severity 3 - Minor
CVSS Score:
4.8

Description

Affected versions of Atlassian Confluence Server and Data Centre allow a remote attacker to inject arbitrary Javascript into the context of the application via a Cross-Site Scripting vulnerability in the `docreatepagetemplate.action` template. This exploit requires an administrator to click on a malicious link.

The affected versions are before version 7.4.0.

Affected versions:

7.4.0

Fixed versions:

7.4.8, 7.8.0

Attachments

Issue Links

mentioned in: Page Loading...; Page Loading...; Page Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Michael Andreacchio

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 11/Mar/2021 11:19 PM

Updated:: 21/Feb/2023 3:41 PM

Resolved:: 15/Mar/2021 12:33 AM