Cross-Site Scripting Vulnerability in Atlassian Confluence Server
CVE-2016-4317

5.4MEDIUM

Key Information:

Vendor
Atlassian
Status
Atlassian Confluence Server Before 5.9.11
Vendor
CVE Published:
10 April 2017

Summary

Atlassian Confluence Server versions prior to 5.9.11 are prone to a Cross-Site Scripting (XSS) vulnerability on the viewmyprofile.action page. Malicious actors can exploit this flaw to inject arbitrary web scripts or HTML into user profiles, potentially leading to unauthorized actions and data exposure. Affected users are encouraged to update to the latest version to mitigate risks associated with this vulnerability.

Affected Version(s)

Atlassian Confluence Server before 5.9.11 Atlassian Confluence Server before 5.9.11

References

https://jira.atlassian.com/browse/CONF-42713
x_refsource_MISC
http://www.securityfocus.com/bid/97513
vdb-entryx_refsource_BID
https://jira.atlassian.com/browse/CONFSERVER-42713
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.