Atlassian Confluence 2.x >= 2.7 / 3.x < 3.4.6 Multiple XSS

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.

Synopsis :

The remote web application is affected by multiple cross-site
scripting vulnerabilities.

Description :

According to its self-reported version number, the instance of
Atlassian Confluence on the remote host is a 2.x version that is 2.7
or later, or else version 3.x prior to 3.4.6. It is, therefore,
affected by multiple cross-site scripting vulnerabilities.

Errors in the validation of input data to certain macros allow
unfiltered data to be returned to a user's browser. The affected
macros are: Code, Attachments, Bookmarks, Global Reports, Recently
Updated, Pagetree, Create Space Button and Documentation Link.

Note that Nessus has not tested for these issues, but has instead
relied only on the application's self-reported version number.
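
A version-only check of this kind can be reproduced against an asset inventory. The following is an added example, not the plugin's own code: it applies the affected range stated above (2.x >= 2.7, or 3.x < 3.4.6) to self-reported version strings and reports versions too coarse to judge as unknown. The function names and the sample inventory are constructed for illustration.

```python
import re

# Affected range as stated on this page: 2.x >= 2.7, or 3.x < 3.4.6.
FIRST_AFFECTED_2X = (2, 7)
FIXED_3X = (3, 4, 6)


def parse_version(text):
    """Return the leading dotted-numeric part as a tuple of ints, or None.
    Any suffix after the numeric part (build tags and the like) is ignored."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def too_coarse(v, bound):
    """A version such as '3.4' is a strict prefix of the 3.4.6 boundary, so it
    cannot be placed on either side of it."""
    return len(v) < len(bound) and bound[:len(v)] == v


def is_affected(version_text):
    """True or False for a version that can be judged, None otherwise."""
    v = parse_version(version_text)
    if v is None:
        return None
    if v[0] == 2:
        return None if too_coarse(v, FIRST_AFFECTED_2X) else v >= FIRST_AFFECTED_2X
    if v[0] == 3:
        return None if too_coarse(v, FIXED_3X) else v < FIXED_3X
    return False  # outside the range this page describes


def triage(inventory):
    """Map each host label to 'affected', 'not affected' or 'unknown'."""
    labels = {True: "affected", False: "not affected", None: "unknown"}
    return {host: labels[is_affected(ver)] for host, ver in inventory.items()}


# Constructed sample inventory (host label -> self-reported version).
SAMPLE = {"wiki-a": "2.10", "wiki-b": "2.6.3", "wiki-c": "3.4.5",
          "wiki-d": "3.4.6", "wiki-e": "3.4", "wiki-f": "not reported"}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(host, SAMPLE[host], verdict)
```

Comparing integer tuples rather than strings is what places 2.10 above 2.7. Like the plugin, this judges only the reported version and cannot see a vendor patch applied without a version change.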

Solution :

Upgrade to Confluence version 3.4.6 or later, or apply the appropriate
vendor patch.

Risk factor :

Low / CVSS Base Score : 3.5
CVSS Temporal Score : 2.9
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 53575

Bugtraq ID: 47398