Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter.

According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 6.4.2.
It is, therefore, affected by a reflected cross-site scripting vulnerability in multiple resources that use the issuesURL parameter.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

CVE-2017-18086

medium

Tenable Plugins

medium