Cross-site Scripting vulnerability in Atlassian Confluence Server - CVE-2020-36290 (linux)ID: oval:org.secpod.oval:def:84916 | Date: (C)2022-10-19 (M)2022-11-03 |
Class: VULNERABILITY | Family: unix |
The host is installed with Atlassian Confluence Server before 7.4.5, 7.5.0 before 7.6.3, 7.7.0 before 7.7.4 and is prone to Cross-site Scripting vulnerability. A flaw is present in the application which fails to properly handle page excerpt functionality. Successful exploitation allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript.
Product: |
Atlassian Confluence Server |