Description

Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter.

Remediation

References

CVE-2017-18086

Related Vulnerabilities

WordPress Plugin Import Spreadsheets from Microsoft Excel Arbitrary File Upload (10.1.4)

WordPress Plugin MPL-Publisher-Create your Ebook & Audiobook Cross-Site Scripting (1.30.2)

WordPress Plugin Adning Advertising-Professional, All In One Ad Manager for Wordpress Arbitrary File Upload (1.5.5)

WordPress Plugin Import and export users and customers CSV Injection (1.16.3.5)

MODX Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-2736)

Severity

Medium

Classification

CVE-2017-18086 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities