CVE-2024-21678

Severity
8.5 HIGH
EPSS
1.5%
top 18.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Feb 20

Description

This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser which has high impact to confidentiality, low impact to integrity, no impact to availability, and requires no user interaction. Data Center Atlassian recommends that Confluence Data Center customers upgrade to the latest version. If you ar

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Exploitability: 3.1 | Impact: 4.7

Affected Packages (3 packages)

NVD atlassian/confluence_data_center 7.20.0 8.5.5 +2
CVEListV5 atlassian/confluence_data_center 12 versions +11
NVD atlassian/confluence_server 7.20.0 8.5.5 +1

🔴Vulnerability Details

2
GHSA
GHSA-hvfx-qp2c-x42h: This High severity Stored XSS vulnerability was introduced in version 2 2024-02-20
CVEList
CVE-2024-21678: This High severity Stored XSS vulnerability was introduced in version 2 2024-02-20

📋Vendor Advisories

1
Atlassian
CVE-2024-21678: from 8.7.0 to 8.7.1 from 8.6.0 to 8.6.2 from 8.5.0 (LTS) to 8.5.4 (LTS) from 8.4.0 to 8.4.5 from 8.3.0 to 8.3.4 from 8.2 2024-02-20