CVE-2020-14175: XSS
First published: Fri Jul 24 2020(Updated: )
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. The affected versions are before version 7.4.2, and from version 7.5.0 before 7.5.2.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Confluence Data Center | <7.4.2 | |
| Atlassian Confluence Data Center | >=7.5.0<7.5.2 | |
| Atlassian Confluence Server | <7.4.2 | |
| Atlassian Confluence Server | >=7.5.0<7.5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Confluence Server and Data Center vulnerability?
The vulnerability ID is CVE-2020-14175.
What is the severity level of CVE-2020-14175?
The severity level of CVE-2020-14175 is medium with a CVSS score of 5.4.
Which versions of Atlassian Confluence Server and Data Center are affected by CVE-2020-14175?
Versions before 7.4.2 and from 7.5.0 to 7.5.2 of Atlassian Confluence Server and Data Center are affected by CVE-2020-14175.
What is the type of vulnerability in CVE-2020-14175?
CVE-2020-14175 is a Cross-Site Scripting (XSS) vulnerability.
How can an attacker exploit CVE-2020-14175?
Remote attackers can exploit CVE-2020-14175 by injecting arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- vendor/atlassian
- canonical/atlassian confluence data center
- version/atlassian confluence data center/7.5.0
- canonical/atlassian confluence server
- version/atlassian confluence server/7.5.0