CVE-2018-13389: Input Validation
First published: Tue Jul 10 2018(Updated: )
The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Confluence | <6.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2018-13389.
What is the title of the vulnerability?
The title of the vulnerability is 'The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content'.
What is the severity of CVE-2018-13389?
The severity of CVE-2018-13389 is medium with a severity value of 4.7.
How does CVE-2018-13389 affect Atlassian Confluence?
CVE-2018-13389 affects Atlassian Confluence before version 6.6.1.
How can remote attackers exploit CVE-2018-13389?
Remote attackers can exploit CVE-2018-13389 by spoofing web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml.
- collector/nvd-index
- agent/type
- agent/tags
- agent/event
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/atlassian
- canonical/atlassian confluence