Description

The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml.

Remediation

References

CVE-2018-13389

Related Vulnerabilities

Oracle JRE CVE-2022-21293 Vulnerability (CVE-2022-21293)

Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-22148)

WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.20)

WordPress Plugin Post Index Cross-Site Request Forgery (0.7.5)

Oracle Database Server CVE-2009-1970 Vulnerability (CVE-2009-1970)

Severity

Medium

Classification

CVE-2018-13389 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities