PT-2022-8970 · Atlassian · Confluence
Published: 2022-07-26 · Updated: 2022-08-01 · CVE-2020-36290
CVSS v3.1: 5.4 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Confluence Server and Data Center versions prior to 7.4.5
Confluence Server and Data Center versions 7.5.0 through 7.6.3
Confluence Server and Data Center versions 7.7.0 through 7.7.4
Description
The Livesearch macro in Confluence Server and Data Center allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the page excerpt functionality.
Recommendations
For Confluence Server and Data Center versions prior to 7.4.5, update to version 7.4.5 or later.
For Confluence Server and Data Center versions 7.5.0 through 7.6.3, update to version 7.6.3 or later.
For Confluence Server and Data Center versions 7.7.0 through 7.7.4, update to version 7.7.4 or later.
Fix
XSS
Affected Products
Confluence