Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

CMS

Atlassian Confluence

Confluence is your remote-friendly team workspace where knowledge and collaboration meet.

Official Site:

https://www.atlassian.com/software/confluence

Severity Summary:

Critical: 9 High: 20 Medium: 29
Reference
Title
Severity
CVE-2021-26084
Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
Critical
CVE-2023-22518
Atlassian Confluence Incorrect Authorization Vulnerability
Critical
CVE-2022-26134
Atlassian Confluence Unauthenticated Remote Code Execution Vulnerability
Critical
CVE-2022-26136
Atlassian Confluence Incorrect Behavior Order: Validate Before Canonicalize Vulnerability
Critical
CVE-2019-3396
Atlassian Confluence Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Critical
CVE-2023-22527
Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
Critical
CVE-2023-22515
Atlassian Confluence Vulnerability
Critical
CVE-2012-2926
Atlassian Confluence Vulnerability
Critical
CVE-2019-3395
Atlassian Confluence Server-Side Request Forgery (SSRF) Vulnerability
Critical
CVE-2016-6668
Atlassian Confluence Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
High
CVE-2021-39114
Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
High
CVE-2022-26137
Atlassian Confluence Incorrect Behavior Order: Validate Before Canonicalize Vulnerability
High
CVE-2023-22508
Atlassian Confluence Vulnerability
High
CVE-2023-22505
Atlassian Confluence Vulnerability
High
CVE-2023-22526
Atlassian Confluence Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2023-22522
Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
High
CVE-2024-21672
Atlassian Confluence Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2024-21673
Atlassian Confluence Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2024-21674
Atlassian Confluence Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2024-21683
Atlassian Confluence Vulnerability
High
CVE-2019-3398
Atlassian Confluence Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2024-21686
Atlassian Confluence Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
High
CVE-2024-21677
Atlassian Confluence Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2023-22512
Atlassian Confluence Vulnerability
High
CVE-2021-43940
Atlassian Confluence Uncontrolled Search Path Element Vulnerability
High
CVE-2017-7415
Atlassian Confluence Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
High
CVE-2024-21678
Atlassian Confluence Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
High
CVE-2019-20406
Atlassian Confluence Uncontrolled Search Path Element Vulnerability
High
CVE-2019-3394
Atlassian Confluence Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2017-18086
Atlassian Confluence Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium