Confluence XSS via Livesearch macro before 7.7.4
CVE-2020-36290 Published on July 26, 2022
The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the page excerpt functionality.
Products Associated with CVE-2020-36290
Want to know whenever a new CVE is published for Atlassian Confluence? stack.watch will email you.
Affected Versions
Atlassian Confluence Server:- Version unspecified and below 7.4.5 is affected.
- Version 7.5.0 and below unspecified is affected.
- Version unspecified and below 7.6.3 is affected.
- Version 7.7.0 and below unspecified is affected.
- Version unspecified and below 7.7.4 is affected.
- Version unspecified and below 7.4.5 is affected.
- Version 7.5.0 and below unspecified is affected.
- Version unspecified and below 7.6.3 is affected.
- Version 7.7.0 and below unspecified is affected.
- Version unspecified and below 7.7.4 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.