CVE-2020-36290

5.4MEDIUM

Key Information:

Vendor
Atlassian
Status
Confluence Server
Confluence Data Center
Vendor
CVE Published:
26 July 2022

Summary

The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the page excerpt functionality.

Affected Version(s)

Confluence Data Center < 7.4.5

Confluence Data Center 7.5.0

Confluence Data Center < 7.6.3

References

https://jira.atlassian.com/browse/CONFSERVER-60118
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.