CVE-2019-20102 is a vulnerability in Atlassian Confluence
Published on April 22, 2020
The attachment-uploading feature in Atlassian Confluence Server from version 6.14.0 through version 6.14.3, and version 6.15.0 before version 6.15.5 allows remote attackers to achieve stored cross-site- scripting (SXSS) via a malicious attachment with a modified `mimeType` parameter.
Products Associated with CVE-2019-20102
Want to know whenever a new CVE is published for Atlassian Confluence? stack.watch will email you.
Affected Versions
Atlassian Confluence Server:- Version 6.14.0 and below unspecified is affected.
- Version unspecified, <= 6.14.3 is affected.
- Version 6.15.0 and below unspecified is affected.
- Version unspecified and below 6.15.5 is affected.
Exploit Probability
EPSS
0.42%
Percentile
61.48%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.