CVE-2005-3967 — Cross-site Scripting in Atlassian Confluence

3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 39.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Confluence

Timeline

PublishedDec 3

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDatlassian/confluence2.0.1_build_321

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-555p-5ggq-9px7: Cross-site scripting (XSS) vulnerability in the dosearchsite↗2022-05-01

▶

CVEList

CVE-2005-3967: Cross-site scripting (XSS) vulnerability in the dosearchsite↗2005-12-03

▶