CVE-2024-21686

Severity: 8.7 HIGH
EPSS: 3.3% (top 12.72%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 16

Description

This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. This Stored XSS vulnerability, with a CVSS Score of 7.3, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser, which has high impact to confidentiality, high impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to the latest version, if yo

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Exploitability: 2.3 | Impact: 5.8

Affected Packages (4 packages)

NVD | atlassian/confluence_data_center | 7.20.0 | 8.5.9 | +2
CVEListV5 | atlassian/confluence_data_center | 12 versions | +11
NVD | atlassian/confluence_server | 7.20.0 | 8.5.9 | +1
CVEListV5 | atlassian/confluence_server | 8 versions | +7

🔴 Vulnerability Details (2)

CVEList | CVE-2024-21686: This High severity Stored XSS vulnerability was introduced in versions 7 | 2024-07-16
GHSA | GHSA-7x4x-g7pr-2356: This High severity Stored XSS vulnerability was introduced in versions 7 | 2024-07-16

📋 Vendor Advisories (1)

Atlassian | CVE-2024-21686: Stored XSS in Confluence Data Center and Server | 2024-07-16