Atlassian Confluence < 6.4.2 issuesURL Parameter Reflected XSS (CVE-2017-18086)
Medium Nessus Plugin ID 106948
Synopsis
A web application running on the remote host is affected by a reflected cross-site scripting vulnerability.
Description
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 6.4.2.
It is, therefore, affected by a reflected cross-site scripting vulnerability in multiple resources that use the issuesURL parameter.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Atlassian Confluence version 6.4.2 or later.