Atlassian Confluence Server < 5.7 Reflected Static Content Injection
Severity: low | Nessus Network Monitor Plugin ID 9642
Synopsis
The remote Confluence server is affected by a reflected static content injection vulnerability.
Description
Versions of Confluence prior to 5.7 contain a flaw in 'plugins/recently-updated/changes.action': input passed via the 'theme' parameter is not properly sanitized. This may allow a remote attacker to reflect arbitrary static content to the browser.