Atlassian Confluence < 6.6.1 viewdefaultdecorator Reflected XSS (CVE-2017-18085)
Medium Nessus Plugin ID 106949
Synopsis
A web application running on the remote host is affected by a reflected cross-site scripting vulnerability.
Description
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 6.6.1.
It is, therefore, affected by a reflected cross-site scripting vulnerability in the viewdefaultdecorator resource.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Atlassian Confluence version 6.6.1 or later.