CVE-2018-13389

Published: Jul 10, 2018Modified: Nov 21, 2024

4.7

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml.

Affected (1)

Products: Atlassian: Confluence

Atlassian

1 product

Confluence

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Atlassian Confluence	Before 6.6.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://www.securityfocus.com/bid/104755

Source: security@atlassian.com

Third Party AdvisoryVDB Entry

https://jira.atlassian.com/browse/CONFSERVER-54906

Source: security@atlassian.com

Issue TrackingPatchVendor Advisory

http://www.securityfocus.com/bid/104755

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://jira.atlassian.com/browse/CONFSERVER-54906

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchVendor Advisory

Timeline

No history available yet.