Description
The attachment-uploading feature in Atlassian Confluence Server from version 6.14.0 through version 6.14.3, and version 6.15.0 before version 6.15.5 allows remote attackers to achieve stored cross-site scripting (SXSS) via a malicious attachment with a modified `mimeType` parameter.
Remediation
References