This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote web application is affected by multiple vulnerabilities.
According to its self-reported version number, the instance of
Atlassian Confluence on the remote host is a version prior to 4.3.7. As
such, it may be affected by multiple vulnerabilities :
- A clickjacking vulnerability exists due to the lack of
iframe busting prevention. An attacker may exploit this
to perform a limited amount of actions on the user's
- Persistent cross-site scripting vulnerabilities exist
in the attachment functionality that allows an
attacker to upload files, including Flash files, to a
executed when the page is viewed.
Note that Nessus did not actually test for the flaws above, but instead
has relied on the application's self-reported version number.
See also :
Apply the vendor patches or update to Confluence version 4.3.7 or
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.6
Public Exploit Available : true