Every CVE whose affected-product data names Atlassian Confluence, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2019-3395 — CVSS 9.8 (critical): The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0…
CVE-2012-2926 — CVSS 9.1 (critical): Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6…
CVE-2019-3394 — CVSS 8.8 (high): There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with…
CVE-2019-20406 — CVSS 7.8 (high): The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version…
CVE-2019-15006 — CVSS 6.5 (medium): There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data…
CVE-2017-18086 — CVSS 6.1 (medium): Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a…
CVE-2015-8398 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or…
CVE-2017-16856 — CVSS 6.1 (medium): The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross…
CVE-2016-6283 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or…
CVE-2017-18085 — CVSS 6.1 (medium): The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or…
CVE-2017-18083 — CVSS 5.4 (medium): The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript…
CVE-2017-18084 — CVSS 4.8 (medium): The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript…
CVE-2020-4027 — CVSS 4.7 (medium): Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass…
CVE-2018-13389 — CVSS 4.7 (medium): The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox…
CVE-2019-15005 — CVSS 4.3 (medium): The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans…
CVE-2017-9505 — CVSS 4.3 (medium): Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox…
CVE-2015-8399 — CVSS 4.3 (medium): Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1)…
CVE-2005-3967 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers…