Cross Site Scripting Vulnerability in Team Calendar by Atlassian Confluence Server
CVE-2020-29444

5.4 MEDIUM

Key Information:

Vendor: Atlassian

CVE Published: 7 May 2021

What is CVE-2020-29444?

A cross-site scripting (XSS) vulnerability exists in the Team Calendar of Confluence Server, allowing unauthorized users to inject arbitrary HTML or JavaScript code through manipulated admin global setting parameters. Exploitation could lead to session hijacking, data theft, and unauthorized actions within the application, posing a significant risk to affected instances.

Affected Version(s)

Confluence Server < 7.11.0

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved