Cross-Site Scripting Vulnerability in Confluence Server and Data Center
CVE-2020-36290

5.4MEDIUM

Key Information:

Vendor: Atlassian
Status: Confluence Server; Confluence Data Center
Vendor: CVE Published:; 26 July 2022

What is CVE-2020-36290?

The Livesearch macro in Confluence Server and Data Center allows remote attackers who have edit permissions for a page or blog to exploit an XSS vulnerability. This enables the injection of arbitrary HTML or JavaScript via the page excerpt functionality, potentially compromising the security of the application and its users.

Affected Version(s)

Confluence Data Center < 7.4.5

Confluence Data Center 7.5.0

Confluence Data Center < 7.6.3

References

https://jira.atlassian.com/browse/CONFSERVER-60118

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 26, 2022
Vulnerability Reserved
Mar 31, 2021

Atlassian

What is CVE-2020-36290?

Affected Version(s)

References

CVSS V3.1

Timeline