Vulnerability Details CVE-2019-20102
The attachment-uploading feature in Atlassian Confluence Server from version 6.14.0 through version 6.14.3, and version 6.15.0 before version 6.15.5 allows remote attackers to achieve stored cross-site- scripting (SXSS) via a malicious attachment with a modified `mimeType` parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.3%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
Products affected by CVE-2019-20102
-
cpe:2.3:a:atlassian:confluence_server:6.14.0
-
cpe:2.3:a:atlassian:confluence_server:6.14.1
-
cpe:2.3:a:atlassian:confluence_server:6.14.2
-
cpe:2.3:a:atlassian:confluence_server:6.14.3
-
cpe:2.3:a:atlassian:confluence_server:6.15.0
-
cpe:2.3:a:atlassian:confluence_server:6.15.1
-
cpe:2.3:a:atlassian:confluence_server:6.15.2
-
cpe:2.3:a:atlassian:confluence_server:6.15.3
-
cpe:2.3:a:atlassian:confluence_server:6.15.4