Vulnerabilities (CVE)

Filtered by vendor Atlassian Subscribe
Filtered by product Confluence Data Center
Total 30 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-26085 1 Atlassian 2 Confluence Data Center, Confluence Server 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.
CVE-2021-26084 1 Atlassian 2 Confluence Data Center, Confluence Server 2024-11-21 7.5 HIGH 9.8 CRITICAL
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
CVE-2021-26072 1 Atlassian 2 Confluence Data Center, Confluence Server 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability.
CVE-2020-36290 1 Atlassian 2 Confluence Data Center, Confluence Server 2024-11-21 N/A 5.4 MEDIUM
The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the page excerpt functionality.
CVE-2020-29450 1 Atlassian 2 Confluence Data Center, Confluence Server 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. The affected versions are before version 7.2.0.
CVE-2020-29448 1 Atlassian 2 Confluence Data Center, Confluence Server 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.
CVE-2020-29444 1 Atlassian 2 Confluence Data Center, Confluence Server 2024-11-21 3.5 LOW 5.4 MEDIUM
Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters.
CVE-2020-14175 1 Atlassian 2 Confluence Data Center, Confluence Server 2024-11-21 3.5 LOW 5.4 MEDIUM
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. The affected versions are before version 7.4.2, and from version 7.5.0 before 7.5.2.
CVE-2018-20239 1 Atlassian 8 Application Links, Confluence Data Center, Confluence Server and 5 more 2024-11-21 3.5 LOW 5.4 MEDIUM
Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. The product is used as a plugin in various Atlassian products where the following are affected: Confluence before version 6.15.2, Crucible before version 4.7.0, Crowd before version 3.4.3, Fisheye before version 4.7.0, Jira before version 7.13.3 and 8.x before 8.1.0.
CVE-2018-20237 1 Atlassian 2 Confluence Data Center, Confluence Server 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.