Vulnerabilities > Atlassian > Confluence > 5.9.7

DATE CVE VULNERABILITY TITLE RISK
2017-06-15 CVE-2017-9505 Incorrect Default Permissions vulnerability in Atlassian Confluence
Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments.
network
low complexity
atlassian CWE-276
4.3
4.3
2017-04-10 CVE-2016-4317 Cross-site Scripting vulnerability in Atlassian Confluence
Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page.
network
low complexity
atlassian CWE-79
5.4
5.4
2017-01-18 CVE-2016-6283 Cross-site Scripting vulnerability in Atlassian Confluence
Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action.
network
low complexity
atlassian CWE-79
6.1
6.1