CVE-2024-21690

Severity
8.2 HIGH
EPSS
0.7%
top 28.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 21

Description

This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.1, 8.8.0, and 8.9.0 of Confluence Data Center and Server. This Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability, with a CVSS Score of 7.1, allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code in a victim's browser and force an end user to execute unwanted actions on a web application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Exploitability: 2.8 | Impact: 4.7

Affected Packages (4 packages)

Source     | Package                           | Versions
NVD        | atlassian/confluence_data_center  | 7.19.0 - 7.19.25 (+11 more ranges)
CVEListV5  | atlassian/confluence_data_center  | 11 versions (+10 more)
NVD        | atlassian/confluence_server       | 7.19.0 - 7.19.25 (+11 more ranges)
CVEListV5  | atlassian/confluence_server       | 7 versions (+6 more)

Vulnerability Details (2)

GHSA
GHSA-hm5h-rw9m-g27p (2024-08-21): This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7

CVEList
CVE-2024-21690 (2024-08-21): This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7