Cross Site Scripting Vulnerability in Team Calendar by Atlassian Confluence Server
CVE-2020-29444

5.4 MEDIUM

Key Information:

Vendor: Atlassian
CVE Published: 7 May 2021

Summary

A Cross-Site Scripting (XSS) vulnerability exists in the Team Calendar of Confluence Server, allowing unauthorized users to inject arbitrary HTML or JavaScript code through manipulated admin global setting parameters. Exploitation could lead to session hijacking, data theft, and unauthorized actions within the application, posing a significant risk to affected instances.

Affected Version(s)

Confluence Server < 7.11.0

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
