Atlassian: >> Confluence >> 3.5.17 Security Vulnerabilities
Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-04-10
Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action.
CVSS Score
6.1
EPSS Score
0.042
Published
2017-01-18
Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.
CVSS Score
4.3
EPSS Score
0.918
Published
2016-04-11
Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check.
CVSS Score
6.1
EPSS Score
0.005
Published
2016-04-11
Page 2