CVE-2020-36290

5.4MEDIUM

Key Information

Vendor: Atlassian
Status: Confluence Server; Confluence Data Center
Vendor: CVE Published:; 26 July 2022

Summary

The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the page excerpt functionality.

Affected Version(s)

Confluence Server < 7.4.5

Confluence Server < 7.5.0

Confluence Server < 7.6.3

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published.
Jul 26, 2022
Vulnerability Reserved.
Mar 31, 2021

Collectors

NVD DatabaseMitre Database