PT-2024-1778 · Atlassian · Confluence
Published 2024-02-20 · Updated 2025-05-06 · CVE-2024-21678
CVSS v3.1: 8.5 High
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Confluence Data Center versions 2.7.0 through 8.7.1
Confluence Data Center versions 8.6.0 through 8.6.1
Confluence Data Center versions 8.5.0 through 8.5.4 LTS
Confluence Data Center versions 8.4.0 through 8.4.5
Confluence Data Center versions 8.3.0 through 8.3.4
Confluence Data Center versions 8.2.0 through 8.2.3
Confluence Data Center versions 8.1.0 through 8.1.4
Confluence Data Center versions 8.0.0 through 8.0.4
Confluence Data Center versions 7.20.0 through 7.20.3
Confluence Data Center versions 7.19.0 through 7.19.17 LTS
Confluence Data Center versions 7.18.0 through 7.18.3
Confluence Data Center versions 7.17.0 through 7.17.5
Confluence Data Center versions prior to 7.17.0
Confluence Server versions 8.5.0 through 8.5.4 LTS
Confluence Server versions 8.4.0 through 8.4.5
Confluence Server versions 8.3.0 through 8.3.4
Confluence Server versions 8.2.0 through 8.2.3
Confluence Server versions 8.1.0 through 8.1.4
Confluence Server versions 8.0.0 through 8.0.4
Confluence Server versions 7.20.0 through 7.20.3
Confluence Server versions 7.19.0 through 7.19.17 LTS
Confluence Server versions 7.18.0 through 7.18.3
Confluence Server versions 7.17.0 through 7.17.5
Confluence Server versions prior to 7.17.0
Description
This stored XSS vulnerability allows an authenticated attacker to execute arbitrary HTML or JavaScript code in a victim's browser. It has a high impact on confidentiality, a low impact on integrity, and no impact on availability, and it requires no user interaction.
Recommendations
For Confluence Data Center versions 8.7.0 through 8.7.1, upgrade to version 8.8.0 or 8.7.2.
For Confluence Data Center versions 8.6.0 through 8.6.1, upgrade to version 8.8.0.
For Confluence Data Center versions 8.5.0 through 8.5.4 LTS, upgrade to version 8.8.0, 8.5.5 LTS, or 8.5.6 LTS.
For Confluence Data Center versions 8.4.0 through 8.4.5, upgrade to version 8.8.0 or 8.5.6 LTS.
For Confluence Data Center versions 8.3.0 through 8.3.4, upgrade to version 8.8.0 or 8.5.6 LTS.
For Confluence Data Center versions 8.2.0 through 8.2.3, upgrade to version 8.8.0 or 8.5.6 LTS.
For Confluence Data Center versions 8.1.0 through 8.1.4, upgrade to version 8.8.0 or 8.5.6 LTS.
For Confluence Data Center versions 8.0.0 through 8.0.4, upgrade to version 8.8.0 or 8.5.6 LTS.
For Confluence Data Center versions 7.20.0 through 7.20.3, upgrade to version 8.8.0 or 8.5.6 LTS.
For Confluence Data Center versions 7.19.0 through 7.19.17 LTS, upgrade to version 8.8.0, 8.5.6 LTS, 7.19.18 LTS, or 7.19.19 LTS.
For Confluence Data Center versions 7.18.0 through 7.18.3, upgrade to version 8.8.0, 8.5.6 LTS, or 7.19.19 LTS.
For Confluence Data Center versions 7.17.0 through 7.17.5, upgrade to version 8.8.0, 8.5.6 LTS, or 7.19.19 LTS.
For Confluence Data Center versions prior to 7.17.0, upgrade to version 8.8.0, 8.5.6 LTS, or 7.19.19 LTS.
For Confluence Server versions 8.5.0 through 8.5.4 LTS, upgrade to version 8.5.5 LTS or 8.5.6 LTS.
For Confluence Server versions 8.4.0 through 8.4.5, upgrade to version 8.5.6 LTS.
For Confluence Server versions 8.3.0 through 8.3.4, upgrade to version 8.5.6 LTS.
For Confluence Server versions 8.2.0 through 8.2.3, upgrade to version 8.5.6 LTS.
For Confluence Server versions 8.1.0 through 8.1.4, upgrade to version 8.5.6 LTS.
For Confluence Server versions 8.0.0 through 8.0.4, upgrade to version 8.5.6 LTS.
For Confluence Server versions 7.20.0 through 7.20.3, upgrade to version 8.5.6 LTS.
For Confluence Server versions 7.19.0 through 7.19.17 LTS, upgrade to version 8.5.6 LTS, 7.19.18 LTS, or 7.19.19 LTS.
For Confluence Server versions 7.18.0 through 7.18.3, upgrade to version 8.5.6 LTS or 7.19.19 LTS.
For Confluence Server versions 7.17.0 through 7.17.5, upgrade to version 8.5.6 LTS or 7.19.19 LTS.
For Confluence Server versions prior to 7.17.0, upgrade to version 8.5.6 LTS or 7.19.19 LTS.
Fix
XSS
Affected Products
Confluence