Confluence

DATE	CVE	VULNERABILITY TITLE	RISK
2018-02-02	CVE-2017-18085	Cross-site Scripting vulnerability in Atlassian Confluence The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter. network low complexity atlassian CWE-79	6.1
2018-02-02	CVE-2017-18084	Cross-site Scripting vulnerability in Atlassian Confluence The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro. network low complexity atlassian CWE-79	4.8
2018-02-02	CVE-2017-18083	Cross-site Scripting vulnerability in Atlassian Confluence The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file. network low complexity atlassian CWE-79	5.4
2017-12-05	CVE-2017-16856	Cross-site Scripting vulnerability in Atlassian Confluence The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme. network low complexity atlassian CWE-79	6.1
2017-06-15	CVE-2017-9505	Incorrect Default Permissions vulnerability in Atlassian Confluence Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. network low complexity atlassian CWE-276	4.3
2017-04-10	CVE-2016-4317	Cross-site Scripting vulnerability in Atlassian Confluence Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page. network low complexity atlassian CWE-79	5.4
2017-01-18	CVE-2016-6283	Cross-site Scripting vulnerability in Atlassian Confluence Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action. network low complexity atlassian CWE-79	6.1
2016-04-11	CVE-2015-8399	Information Exposure vulnerability in Atlassian Confluence Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action. network low complexity atlassian CWE-200	4.3
2016-04-11	CVE-2015-8398	Cross-site Scripting vulnerability in Atlassian Confluence Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check. network low complexity atlassian CWE-79	6.1
2012-05-22	CVE-2012-2926	Unspecified vulnerability in Atlassian products Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. network low complexity atlassian critical	9.1