Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Atlassian Confluence Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2024-21678 - Vulnerability Database
Atlassian Confluence

Atlassian Confluence Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2024-21678

High
Reference: CVE-2024-21678
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2024-21678
Title: Atlassian Confluence Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability with a CVSS Score of 8.5 allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to confidentiality low impact to integrity no impact to availability and requires no user interaction. Data Center Atlassian recommends that Confluence Data Center customers upgrade to the latest version. If you are unable to do so upgrade your instance to one of the specified supported fixed versions: Affected versionsFixed versions from 8.7.0 to 8.7.18.8.0 recommended or 8.7.2 from 8.6.0 to 8.6.18.8.0 recommended from 8.5.0 to 8.5.4 LTS8.8.0 recommended or 8.5.5 LTS or 8.5.6 LTS from 8.4.0 to 8.4.58.8.0 recommended or 8.5.6 LTS from 8.3.0 to 8.3.48.8.0 recommended or 8.5.6 LTS from 8.2.0 to 8.2.38.8.0 recommended or 8.5.6 LTS from 8.1.0 to 8.1.48.8.0 recommended or 8.5.6 LTS from 8.0.0 to 8.0.48.8.0 recommended or 8.5.6 LTS from 7.20.0 to 7.20.38.8.0 recommended or 8.5.6 LTS from 7.19.0 to 7.19.17 LTS8.8.0 recommended or 8.5.6 LTS or 7.19.18 LTS or 7.19.19 LTS from 7.18.0 to 7.18.38.8.0 recommended or 8.5.6 LTS or 7.19.19 LTS from 7.17.0 to 7.17.58.8.0 recommended or 8.5.6 LTS or 7.19.19 LTS Any earlier versions8.8.0 recommended or 8.5.6 LTS or 7.19.19 LTS Server Atlassian recommends that Confluence Server customers upgrade to the latest 8.5.x LTS version. If you are unable to do so upgrade your instance to one of the specified supported fixed versions: Affected versionsFixed versions from 8.5.0 to 8.5.4 LTS8.5.5 LTS or 8.5.6 LTS recommended from 8.4.0 to 8.4.58.5.6 LTS recommended from 8.3.0 to 8.3.48.5.6 LTS recommended from 8.2.0 to 8.2.38.5.6 LTS recommended from 8.1.0 to 8.1.48.5.6 LTS recommended from 8.0.0 to 8.0.48.5.6 LTS recommended from 7.20.0 to 7.20.38.5.6 LTS recommended from 7.19.0 to 7.19.17 LTS8.5.6 LTS recommended or 7.19.18 LTS or 7.19.19 LTS from 7.18.0 to 7.18.38.5.6 LTS recommended or 7.19.19 LTS from 7.17.0 to 7.17.58.5.6 LTS recommended or 7.19.19 LTS Any earlier versions8.5.6 LTS recommended or 7.19.19 LTS See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). You can download the latest version of Confluence Data Center from the download center (https://www.atlassian.com/software/confluence/download-archives). This vulnerability was reported via our Bug Bounty program.