Confluence XSS via Livesearch macro before 7.7.4
CVE-2020-36290 Published on July 26, 2022
The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the page excerpt functionality.
Products Associated with CVE-2020-36290
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-36290 are published in Atlassian Confluence:
Affected Versions
Atlassian Confluence Server:- Version unspecified and below 7.4.5 is affected.
- Version 7.5.0 and below unspecified is affected.
- Version unspecified and below 7.6.3 is affected.
- Version 7.7.0 and below unspecified is affected.
- Version unspecified and below 7.7.4 is affected.
- Version unspecified and below 7.4.5 is affected.
- Version 7.5.0 and below unspecified is affected.
- Version unspecified and below 7.6.3 is affected.
- Version 7.7.0 and below unspecified is affected.
- Version unspecified and below 7.7.4 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.