PT-2024-19016 · Atlassian · Confluence
Published: 2024-07-16 · Updated: 2024-07-17 · CVE-2024-21686
CVSS v3.1: 8.7 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Confluence Data Center and Server version 7.13
Confluence Data Center versions 8.8.0 through 8.8.1
Confluence Data Center versions 8.7.0 through 8.7.2
Confluence Data Center versions 8.6.0 through 8.6.2
Confluence Data Center versions 8.5.0 through 8.5.8
Confluence Data Center versions 8.4.0 through 8.4.5
Confluence Data Center versions 8.3.0 through 8.3.4
Confluence Data Center versions 8.2.0 through 8.2.3
Confluence Data Center versions 8.1.0 through 8.1.4
Confluence Data Center versions 8.0.0 through 8.0.4
Confluence Data Center versions 7.20.0 through 7.20.3
Confluence Data Center versions 7.19.0 through 7.19.21
Confluence Data Center versions 7.18.0 through 7.18.3
Confluence Data Center versions 7.17.0 through 7.17.5
Confluence Data Center versions prior to 7.17.0
Confluence Server versions 8.5.0 through 8.5.8
Confluence Server versions 8.4.0 through 8.4.5
Confluence Server versions 8.3.0 through 8.3.4
Confluence Server versions 8.2.0 through 8.2.3
Confluence Server versions 8.1.0 through 8.1.4
Confluence Server versions 8.0.0 through 8.0.4
Confluence Server versions 7.20.0 through 7.20.3
Confluence Server versions 7.19.0 through 7.19.21
Confluence Server versions 7.18.0 through 7.18.3
Confluence Server versions 7.17.0 through 7.17.5
Confluence Server versions prior to 7.17.0
Description
This Stored XSS issue allows an authenticated attacker to execute arbitrary HTML or JavaScript code in a victim's browser. It has a high impact on confidentiality, a high impact on integrity, and no impact on availability, and it requires user interaction.
Recommendations
Confluence Data Center version 7.13 should be upgraded to version 8.9.1 or a supported fixed version.
Confluence Data Center versions 8.8.0 through 8.8.1 should be upgraded to version 8.9.1.
Confluence Data Center versions 8.7.0 through 8.7.2 should be upgraded to version 8.9.1.
Confluence Data Center versions 8.6.0 through 8.6.2 should be upgraded to version 8.9.1.
Confluence Data Center versions 8.5.0 through 8.5.8 should be upgraded to version 8.9.1 or 8.5.9.
Confluence Data Center versions 8.4.0 through 8.4.5 should be upgraded to version 8.9.1 or 8.5.9.
Confluence Data Center versions 8.3.0 through 8.3.4 should be upgraded to version 8.9.1 or 8.5.9.
Confluence Data Center versions 8.2.0 through 8.2.3 should be upgraded to version 8.9.1 or 8.5.9.
Confluence Data Center versions 8.1.0 through 8.1.4 should be upgraded to version 8.9.1 or 8.5.9.
Confluence Data Center versions 8.0.0 through 8.0.4 should be upgraded to version 8.9.1 or 8.5.9.
Confluence Data Center versions 7.20.0 through 7.20.3 should be upgraded to version 8.9.1 or 8.5.9.
Confluence Data Center versions 7.19.0 through 7.19.21 should be upgraded to version 8.9.1, 8.5.9, or 7.19.22.
Confluence Data Center versions 7.18.0 through 7.18.3 should be upgraded to version 8.9.1, 8.5.9, or 7.19.22.
Confluence Data Center versions 7.17.0 through 7.17.5 should be upgraded to version 8.9.1, 8.5.9, or 7.19.22.
Confluence Data Center versions prior to 7.17.0 should be upgraded to version 8.9.1, 8.5.9, or 7.19.22.
Confluence Server versions 8.5.0 through 8.5.8 should be upgraded to version 8.5.9.
Confluence Server versions 8.4.0 through 8.4.5 should be upgraded to version 8.5.9.
Confluence Server versions 8.3.0 through 8.3.4 should be upgraded to version 8.5.9.
Confluence Server versions 8.2.0 through 8.2.3 should be upgraded to version 8.5.9.
Confluence Server versions 8.1.0 through 8.1.4 should be upgraded to version 8.5.9.
Confluence Server versions 8.0.0 through 8.0.4 should be upgraded to version 8.5.9.
Confluence Server versions 7.20.0 through 7.20.3 should be upgraded to version 8.5.9.
Confluence Server versions 7.19.0 through 7.19.21 should be upgraded to version 8.5.9 or 7.19.22.
Confluence Server versions 7.18.0 through 7.18.3 should be upgraded to version 8.5.9 or 7.19.22.
Confluence Server versions 7.17.0 through 7.17.5 should be upgraded to version 8.5.9 or 7.19.22.
Confluence Server versions prior to 7.17.0 should be upgraded to version 8.5.9 or 7.19.22.
Fix
XSS
Affected Products
Confluence