Atlassian Confluence Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2017-18085
Reference:
CVE-2017-18085
Title:
Atlassian Confluence Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:
The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter.