Vulnerabilities > Atlassian > Confluence Data Center > 7.10.0

DATE CVE VULNERABILITY TITLE RISK
2021-08-30 CVE-2021-26084 Expression Language Injection vulnerability in Atlassian Confluence Data Center and Confluence Server
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.
network
low complexity
atlassian CWE-917
critical
 9.8
9.8
2021-08-03 CVE-2021-26085 Forced Browsing vulnerability in Atlassian Confluence Server
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint.
network
low complexity
atlassian CWE-425
5.3
5.3
2021-05-07 CVE-2020-29444 Cross-site Scripting vulnerability in Atlassian Confluence Server
Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters.
network
low complexity
atlassian CWE-79
5.4
5.4