Description

The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro.

Remediation

References

CVE-2017-18084

Related Vulnerabilities

WordPress Plugin Broken Link Checker Cross-Site Scripting (1.11.8)

WordPress Plugin Appointment Hour Booking-WordPress Booking Cross-Site Scripting (1.3.16)

MySQL CVE-2021-2160 Vulnerability (CVE-2021-2160)

WordPress Plugin JS Support Ticket Unspecified Vulnerability (1.1.1)

Atlassian Jira Missing Authorization Vulnerability (CVE-2019-20407)

Severity

Medium

Classification

CVE-2017-18084 CWE-707 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities