CVE-2020-14175
published 2020-07-24CVE-2020-14175: Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS)…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. The affected versions are before version 7.4.2, and from version 7.5.0 before 7.5.2.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | confluence_data_center | < 7.4.2 | 7.4.2 |
| atlassian | confluence_data_center | >= 7.5.0 < 7.5.2 | 7.5.2 |
| atlassian | confluence_server | < 7.4.2 | 7.4.2 |
| atlassian | confluence_server | >= 7.5.0 < unspecified | unspecified |
| atlassian | confluence_server | >= 7.5.0 < 7.5.2 | 7.5.2 |
| atlassian | confluence_server | >= unspecified < 7.4.2 | 7.4.2 |
| atlassian | confluence_server | >= unspecified < 7.5.2 | 7.5.2 |