vulnerability

Atlassian Confluence: Improper Input Validation (CVE-2018-13389)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Jul 10, 2018	Apr 22, 2019	Nov 27, 2024

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Jul 10, 2018

Added

Apr 22, 2019

Modified

Nov 27, 2024

Description

The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml.

Solution

atlassian-confluence-upgrade-6_6_1

References

CVE-2018-13389
https://attackerkb.com/topics/CVE-2018-13389

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today