CVE-2020-14175Cross-site Scripting in Atlassian Confluence Server

CWE-79Cross-site Scripting3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.3%
top 48.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Atlassian Confluence ServerAtlassian Confluence Data Center
Timeline
PublishedJul 24
Latest updateMay 24

Description

Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. The affected versions are before version 7.4.2, and from version 7.5.0 before 7.5.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

NVDatlassian/confluence_data_center7.5.07.5.2+1
CVEListV5atlassian/confluence_serverunspecified7.4.2+2
NVDatlassian/confluence_server7.5.07.5.2+1

🔴Vulnerability Details

2
GHSA
GHSA-fxvf-vgj9-gphr: Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Script2022-05-24
CVEList
CVE-2020-14175: Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Script2020-07-24
CVE-2020-14175 — Cross-site Scripting in Atlassian | cvebase