Cross-Site Scripting Vulnerability in Confluence Server and Data Center
CVE-2020-36290

5.4MEDIUM

Key Information:

Vendor: Atlassian
Status: Confluence Server; Confluence Data Center
Vendor: CVE Published:; 26 July 2022

What is CVE-2020-36290?

The Livesearch macro in Confluence Server and Data Center allows remote attackers who have edit permissions for a page or blog to exploit an XSS vulnerability. This enables the injection of arbitrary HTML or JavaScript via the page excerpt functionality, potentially compromising the security of the application and its users.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Confluence Data Center < 7.4.5

Confluence Data Center 7.5.0

Confluence Data Center < 7.6.3

References

https://jira.atlassian.com/browse/CONFSERVER-60118

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 26, 2022
Vulnerability Reserved
Mar 31, 2021

JSON

Atlassian