
Atlassian Confluence Server 5.8.x < 5.8.6 Multiple Vulnerabilities

Medium

Synopsis

The remote Confluence server is affected by multiple vulnerabilities.

Description

Versions of Confluence 5.8.x prior to 5.8.6 are affected by multiple vulnerabilities:

- A flaw exists in the handling of disabled user accounts. A user whose account has been disabled may still receive notifications they should no longer get, and those notifications can contain sensitive information. (OSVDB 126881)

- A stored cross-site scripting (XSS) flaw exists because the comment module does not validate input when handling comments in embedded SWF files before returning it to users. A remote attacker could craft a request that executes arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 127100)

Solution

Upgrade to Confluence 5.8.6 or later.
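The following is an added example, not part of the original advisory or of Tenable's plugin code. It encodes the affected range stated above (5.8.x prior to 5.8.6) as a version check a practitioner can run against the version string an instance reports, so that 5.8.5 is flagged, 5.8.6 is not, and releases on other branches are reported as outside this advisory's scope rather than guessed at. The `ajs-version-number` meta tag used to pull the version out of a page is an assumption about how Confluence exposes its build number; the HTML snippet is constructed for the example.

```python
import re
from typing import Optional, Tuple

# Range stated by the advisory: Confluence 5.8.x prior to 5.8.6 is affected.
AFFECTED_BRANCH = (5, 8)
FIXED_VERSION = (5, 8, 6)


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn '5.8.5' (or '5.8.5-OD-2015.30'-style strings) into a tuple of ints.

    Only the leading dotted-integer prefix is used; any suffix is ignored.
    Returns None if no version prefix is present.
    """
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))


def is_affected(version: str) -> bool:
    """True only for versions on the 5.8 branch that are older than 5.8.6.

    Versions on other branches (5.7.x, 5.9.x, ...) are not described by this
    advisory, so they return False rather than being guessed at.
    """
    v = parse_version(version)
    if v is None or len(v) < 2:
        return False
    if v[:2] != AFFECTED_BRANCH:
        return False
    # Pad to three components so a bare "5.8" compares as 5.8.0.
    v3 = (v + (0, 0, 0))[:3]
    return v3 < FIXED_VERSION


# Assumption: Confluence pages carry the build number in a meta tag named
# ajs-version-number. This snippet is constructed for the example.
SAMPLE_HTML = """<html><head>
<meta name="ajs-version-number" content="5.8.5">
</head><body>Dashboard</body></html>"""


def version_from_html(html: str) -> Optional[str]:
    """Extract the version string from the assumed ajs-version-number meta tag."""
    m = re.search(r'<meta\s+name="ajs-version-number"\s+content="([^"]+)"', html)
    return m.group(1) if m else None


if __name__ == "__main__":
    for v in ["5.8", "5.8.5", "5.8.6", "5.8.10", "5.7.4", "5.9.1"]:
        state = "affected" if is_affected(v) else "not in the advisory's affected range"
        print(f"{v}: {state}")
    found = version_from_html(SAMPLE_HTML)
    print(f"sample page reports {found}: affected={is_affected(found)}")
```

Note that the comparison is tuple-based rather than string-based, so 5.8.10 correctly sorts above 5.8.6; a naive string compare would flag it as vulnerable.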