CVE-2017-16856

The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme.
References
Link Resource
http://www.securityfocus.com/bid/102094 Third Party Advisory VDB Entry
https://jira.atlassian.com/browse/CONFSERVER-54395 Issue Tracking Vendor Advisory
http://www.securityfocus.com/bid/102094 Third Party Advisory VDB Entry
https://jira.atlassian.com/browse/CONFSERVER-54395 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:17

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/102094 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/102094 - Third Party Advisory, VDB Entry
References () https://jira.atlassian.com/browse/CONFSERVER-54395 - Issue Tracking, Vendor Advisory () https://jira.atlassian.com/browse/CONFSERVER-54395 - Issue Tracking, Vendor Advisory

Information

Published : 2017-12-05 16:29

Updated : 2024-11-21 03:17


NVD link : CVE-2017-16856

Mitre link : CVE-2017-16856

CVE.ORG link : CVE-2017-16856


JSON object : View

Products Affected

atlassian

  • confluence
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')