PT-2021-21638 · Atlassian · Confluence

Ulrich Braun

Published

2021-09-15

Updated

2023-01-24

CVE-2021-37412

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions TechRadar app version 1.1 for Confluence Server

Description The issue allows for XSS via the Title field of a Radar. This means an attacker could inject malicious scripts into the Title field, potentially leading to the execution of unauthorized code on the user's browser.

Recommendations For TechRadar app version 1.1, consider disabling the Title field of a Radar until a patch is available to prevent potential XSS attacks. Restrict access to the Radar feature to minimize the risk of exploitation. Avoid using the Title field in the affected Radar feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-37412

Affected Products

Confluence

PT-2021-21638 · Atlassian · Confluence

CVE-2021-37412

Weakness Enumeration

Related Identifiers

Affected Products

References · 6