exploitDog

CVE-2017-18083

Опубликовано: 02 фев. 2018

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file.

Ссылки

https://jira.atlassian.com/browse/CONFSERVER-54903
Issue Tracking
Vendor Advisory
https://jira.atlassian.com/browse/CONFSERVER-54903
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*

Версия до 6.4.0 (исключая)

EPSS

Процентиль: 37%

0.00164

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-x8pc-8hm7-jmpr

CVSS3: 5.4

github

больше 3 лет назад

The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file.

EPSS

Процентиль: 37%

0.00164

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79