Description

Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters.

Remediation

References

CVE-2020-29444

Related Vulnerabilities

WordPress Plugin Variation Swatches for WooCommerce Cross-Site Scripting (1.0.61)

WordPress Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (1.2.1 - 1.2.2)

e107 Other Vulnerability (CVE-2004-2031)

Drupal Core 7.x Arbitrary File Overwrite (7.0 - 7.77)

WordPress 4.7.x Arbitrary File Deletion Vulnerability (4.7 - 4.7.10)

Severity

Medium

Classification

CVE-2020-29444 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities