Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Atlassian Confluence Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2017-16856 - Vulnerability Database
Atlassian Confluence

Atlassian Confluence Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2017-16856

Medium
Reference: CVE-2017-16856
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2017-16856
Title: Atlassian Confluence Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme.