vulnerability
Atlassian Confluence: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2017-18086)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Feb 2, 2018 | Apr 22, 2019 | Nov 27, 2024 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Feb 2, 2018
Added
Apr 22, 2019
Modified
Nov 27, 2024
Description
Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter.
Solution
atlassian-confluence-upgrade-6_4_2
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.