CVE-2019-15053

Опубликовано: 14 авг. 2019

Источник: nvd

CVSS3: 6.8

CVSS2: 6

EPSS Низкий

Описание

The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element.

Ссылки

https://github.com/l0nax/CVE-2019-15053
Exploit
Third Party Advisory
https://marketplace.atlassian.com/apps/4885/html-include-and-replace-macro?hosting=server&tab=versions
Vendor Advisory
https://github.com/l0nax/CVE-2019-15053
Exploit
Third Party Advisory
https://marketplace.atlassian.com/apps/4885/html-include-and-replace-macro?hosting=server&tab=versions
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:atlassian:html_include_and_replace_macro:*:*:*:*:*:confluence:*:*

Версия от 1.1 (включая) до 1.4.2 (включая)

EPSS

Процентиль: 81%

0.01478

Низкий

6.8 Medium

CVSS3

6 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-8gfj-456m-vp3q