
Atlassian Confluence Server < 5.7 Reflected Static Content Injection

Medium

Synopsis

The remote Confluence server is affected by a reflected static content injection vulnerability.

Description

Versions of Confluence prior to 5.7 contain a flaw in 'plugins/recently-updated/changes.action': input passed via the 'theme' parameter is not properly sanitized before it is written back into the response. A remote attacker can therefore cause arbitrary static content to be reflected to a user's browser.

Solution

Upgrade to Confluence version 5.7 or later.
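The two points a practitioner takes from this advisory are the flaw class (a request parameter reflected into the response without validation) and the fix boundary (5.7). The following added example, which is constructed for this page and is not Confluence's code, shows the vulnerable pattern beside an allowlist-based hardened variant and a version check against the stated fixed release. The theme names, the `data-theme` attribute and the function names are assumptions made for illustration only.

```python
"""Constructed illustration of a reflected, unsanitized request parameter
and of the version check for the advisory's fix boundary (5.7).
Not Confluence code: theme names, markup and function names are assumed."""
import re
from html import escape
from typing import Optional, Tuple

# Assumed allowlist of theme names (placeholders, not Confluence's values).
ALLOWED_THEMES = {"default", "dark", "compact"}
DEFAULT_THEME = "default"


def render_changes_vulnerable(theme: str) -> str:
    """Vulnerable pattern: the 'theme' parameter is reflected verbatim.
    Whatever the client sends appears unchanged in the page body."""
    return f'<div class="recently-updated" data-theme="{theme}">...</div>'


def select_theme(theme: Optional[str]) -> str:
    """Hardened variant: accept only known theme names, otherwise fall back.
    Unknown values never reach the response, so nothing is reflected."""
    if theme in ALLOWED_THEMES:
        return theme
    return DEFAULT_THEME


def render_changes_hardened(theme: Optional[str]) -> str:
    """Renders with an allowlisted theme; escape() is defence in depth."""
    chosen = select_theme(theme)
    return (
        f'<div class="recently-updated" '
        f'data-theme="{escape(chosen, quote=True)}">...</div>'
    )


# Version handling for the advisory's fix boundary.
_VERSION_RE = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?")
FIXED_VERSION: Tuple[int, int, int] = (5, 7, 0)


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parses 'major[.minor[.patch]]'; missing components count as 0."""
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(g or 0) for g in match.groups())
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """True when the reported Confluence version is below 5.7."""
    return parse_version(version) < FIXED_VERSION


if __name__ == "__main__":
    for v in ("5.6.6", "5.7", "5.7.1"):
        print(v, "affected" if is_affected(v) else "fixed")
    print(render_changes_vulnerable("not-a-theme"))
    print(render_changes_hardened("not-a-theme"))
```

The hardened variant treats the parameter as a selector for server-side known values rather than as content, which is what removes the reflection; escaping alone would only change how the reflected content renders. The version check mirrors the advisory's own boundary: anything below 5.7 is reported as affected, 5.7 and later as fixed.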