The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the page excerpt functionality.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://jira.atlassian.com/browse/CONFSERVER-60118 |
History
Thu, 03 Oct 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2022-07-26T04:05:14.704626Z
Updated: 2024-10-03T18:36:30.272Z
Reserved: 2021-03-31T00:00:00
Link: CVE-2020-36290
Vulnrichment
Updated: 2024-08-04T17:23:09.942Z
NVD
Status : Modified
Published: 2022-07-26T04:15:11.070
Modified: 2024-11-21T05:29:13.573
Link: CVE-2020-36290
Redhat
No data.