CVE-2017-16856

The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme.
References
Link Resource
http://www.securityfocus.com/bid/102094 Third Party Advisory VDB Entry
https://jira.atlassian.com/browse/CONFSERVER-54395 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-12-05 16:29

Updated : 2024-02-28 16:04


NVD link : CVE-2017-16856

Mitre link : CVE-2017-16856

CVE.ORG link : CVE-2017-16856


JSON object : View

Products Affected

atlassian

  • confluence
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')