The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the page excerpt functionality.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://jira.atlassian.com/browse/CONFSERVER-60118 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2022-07-26T04:05:14.704626Z
Updated: 2024-09-16T18:24:43.695Z
Reserved: 2021-03-31T00:00:00
Link: CVE-2020-36290
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-07-26T04:15:11.070
Modified: 2022-08-01T16:21:31.830
Link: CVE-2020-36290
Redhat
No data.