The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the page excerpt functionality.
History

Thu, 03 Oct 2024 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: atlassian

Published: 2022-07-26T04:05:14.704626Z

Updated: 2024-10-03T18:36:30.272Z

Reserved: 2021-03-31T00:00:00

Link: CVE-2020-36290

cve-icon Vulnrichment

Updated: 2024-08-04T17:23:09.942Z

cve-icon NVD

Status : Modified

Published: 2022-07-26T04:15:11.070

Modified: 2024-11-21T05:29:13.573

Link: CVE-2020-36290

cve-icon Redhat

No data.