VYPR

Confluence

by Atlassian

CVEs (61)

  • CVE-2012-2926 | Critical | May 22, 2012
    risk 0.67 | CVSS 9.1 | EPSS 0.67

    Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3…

  • CVE-2017-7415 | High | Apr 27, 2017
    risk 0.49 | CVSS 7.5 | EPSS 0.04

    Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource.

  • CVE-2016-6668 | High | Jan 23, 2017
    risk 0.49 | CVSS 7.5 | EPSS 0.04

    The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for…

  • CVE-2016-6283 | Medium | Jan 18, 2017
    risk 0.43 | CVSS 6.1 | EPSS 0.04

    Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action.

  • CVE-2015-8398 | Medium | Apr 11, 2016
    risk 0.43 | CVSS 6.1 | EPSS 0.02

    Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check.

  • CVE-2017-18086 | Medium | Feb 2, 2018
    risk 0.40 | CVSS 6.1 | EPSS 0.01

    Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter.

  • CVE-2017-18085 | Medium | Feb 2, 2018
    risk 0.40 | CVSS 6.1 | EPSS 0.01

    The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter.

  • CVE-2017-16856 | Medium | Dec 5, 2017
    risk 0.40 | CVSS 6.1 | EPSS 0.01

    The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme.

  • CVE-2015-8399 | Medium | Apr 11, 2016
    risk 0.36 | CVSS 4.3 | EPSS 0.61

    Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.

  • CVE-2017-18083 | Medium | Feb 2, 2018
    risk 0.35 | CVSS 5.4 | EPSS 0.01

    The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file.

  • CVE-2016-4317 | Medium | Apr 10, 2017
    risk 0.35 | CVSS 5.4 | EPSS 0.01

    Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page.

  • CVE-2018-13389 | Medium | Jul 10, 2018
    risk 0.31 | CVSS 4.7 | EPSS 0.01

    The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml.

  • CVE-2017-18084 | Medium | Feb 2, 2018
    risk 0.31 | CVSS 4.8 | EPSS 0.01

    The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro.

  • CVE-2023-22527 | KEV | Jan 16, 2024
    risk 0.29 | CVSS (not listed) | EPSS 1.00

    A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data…

  • CVE-2023-22518 | KEV | Oct 31, 2023
    risk 0.29 | CVSS (not listed) | EPSS 1.00

    All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an…

  • CVE-2023-22515 | KEV | Oct 4, 2023
    risk 0.29 | CVSS (not listed) | EPSS 0.99

    Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts…

  • CVE-2022-26134 | KEV | Jun 3, 2022
    risk 0.29 | CVSS (not listed) | EPSS 1.00

    In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from…

  • CVE-2021-26084 | KEV | Aug 30, 2021
    risk 0.29 | CVSS (not listed) | EPSS 1.00

    In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version…

  • CVE-2021-26085 | KEV | Aug 3, 2021
    risk 0.29 | CVSS (not listed) | EPSS 1.00

    Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.

  • CVE-2019-3396 | KEV | Mar 25, 2019
    risk 0.29 | CVSS (not listed) | EPSS 1.00

    The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2…

Page 1 of 4