The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2017-12-05T16:00:00Z
Updated: 2024-09-16T23:10:55.644Z
Reserved: 2017-11-16T00:00:00
Link: CVE-2017-16856
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-12-05T16:29:00.420
Modified: 2024-11-21T03:17:06.623
Link: CVE-2017-16856
Redhat
No data.