Vulnerabilities > Atlassian > Confluence > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-02-02 | CVE-2017-18083 | Cross-site Scripting vulnerability in Atlassian Confluence The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file. | 3.5 |
2018-02-02 | CVE-2017-18084 | Cross-site Scripting vulnerability in Atlassian Confluence The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro. | 3.5 |
2017-04-10 | CVE-2016-4317 | Cross-site Scripting vulnerability in Atlassian Confluence Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page. | 3.5 |