Confluence Server

DATE	CVE	VULNERABILITY TITLE	RISK
2021-08-03	CVE-2021-26085	Forced Browsing vulnerability in Atlassian Confluence Server Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. network low complexity atlassian CWE-425	5.3
2021-05-07	CVE-2020-29444	Cross-site Scripting vulnerability in Atlassian Confluence Server Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters. network low complexity atlassian CWE-79	5.4
2021-05-07	CVE-2020-29445	Server-Side Request Forgery (SSRF) vulnerability in Atlassian Confluence Server Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters. network low complexity atlassian CWE-918	4.3
2021-04-01	CVE-2021-26072	Server-Side Request Forgery (SSRF) vulnerability in Atlassian Confluence Server The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability. network low complexity atlassian CWE-918	4.3
2021-02-22	CVE-2020-29448	Unspecified vulnerability in Atlassian Confluence Server The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. network low complexity atlassian	5.3
2021-01-19	CVE-2020-29450	Unrestricted Upload of File with Dangerous Type vulnerability in Atlassian Confluence Server Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. network low complexity atlassian CWE-434	6.5
2020-07-24	CVE-2020-14175	Cross-site Scripting vulnerability in Atlassian Confluence Server Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. network low complexity atlassian CWE-79	5.4
2020-07-01	CVE-2020-4027	Injection vulnerability in Atlassian Confluence Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. network low complexity atlassian CWE-74	4.7
2020-04-22	CVE-2019-20102	Cross-site Scripting vulnerability in Atlassian Confluence Server The attachment-uploading feature in Atlassian Confluence Server from version 6.14.0 through version 6.14.3, and version 6.15.0 before version 6.15.5 allows remote attackers to achieve stored cross-site- scripting (SXSS) via a malicious attachment with a modified `mimeType` parameter. network low complexity atlassian CWE-79	6.1
2020-02-06	CVE-2019-20406	Uncontrolled Search Path Element vulnerability in Atlassian Confluence The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable variable to inject code & escalate their privileges via a DLL hijacking vulnerability. local low complexity atlassian CWE-427	7.8