Description

The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability.

Remediation

References

CVE-2021-26072

Related Vulnerabilities

WordPress Plugin WP Statistics Cross-Site Scripting (12.6.7)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-6262)

XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2023-26472)

WordPress Plugin Cool Video Gallery Cross-Site Request Forgery (1.8)

WordPress Plugin WebP Express Unspecified Vulnerability (0.14.21)

Severity

Medium

Classification

CVE-2021-26072 CWE-918 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities