Vulnerabilities > Atlassian > Confluence > Low

DATE CVE VULNERABILITY TITLE RISK
2018-02-02 CVE-2017-18083 Cross-site Scripting vulnerability in Atlassian Confluence
The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file.
network
atlassian CWE-79
3.5
3.5
2018-02-02 CVE-2017-18084 Cross-site Scripting vulnerability in Atlassian Confluence
The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro.
network
atlassian CWE-79
3.5
3.5
2017-04-10 CVE-2016-4317 Cross-site Scripting vulnerability in Atlassian Confluence
Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page.
network
atlassian CWE-79
3.5
3.5