Vulnerabilities > Atlassian > Confluence > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-10 CVE-2016-4317 Cross-site Scripting vulnerability in Atlassian Confluence
Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page.
network
low complexity
atlassian CWE-79
5.4
5.4
2017-01-18 CVE-2016-6283 Cross-site Scripting vulnerability in Atlassian Confluence
Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action.
network
low complexity
atlassian CWE-79
6.1
6.1
2016-04-11 CVE-2015-8399 Information Exposure vulnerability in Atlassian Confluence
Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.
network
low complexity
atlassian CWE-200
4.3
4.3
2016-04-11 CVE-2015-8398 Cross-site Scripting vulnerability in Atlassian Confluence
Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check.
network
low complexity
atlassian CWE-79
6.1
6.1