Описание
The attachment-uploading feature in Atlassian Confluence Server from version 6.14.0 through version 6.14.3, and version 6.15.0 before version 6.15.5 allows remote attackers to achieve stored cross-site- scripting (SXSS) via a malicious attachment with a modified mimeType parameter.
Ссылки
- Permissions Required
- Permissions Required
Уязвимые конфигурации
Конфигурация 1Версия от 6.14.0 (включая) до 6.14.3 (включая)Версия от 6.15.0 (включая) до 6.15.5 (исключая)
Одно из
cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 33%
0.00126
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
около 3 лет назад
The attachment-uploading feature in Atlassian Confluence Server from version 6.14.0 through version 6.14.3, and version 6.15.0 before version 6.15.5 allows remote attackers to achieve stored cross-site- scripting (SXSS) via a malicious attachment with a modified `mimeType` parameter.
EPSS
Процентиль: 33%
0.00126
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79