Vulnerability-Lookup

GHSA-7X5G-HWFP-5CWV

Vulnerability from github – Published: 2022-05-17 00:13 – Updated: 2022-05-17 00:13

Details

The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme.

Severity

6.1 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-16856"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-05T16:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme.",
  "id": "GHSA-7x5g-hwfp-5cwv",
  "modified": "2022-05-17T00:13:27Z",
  "published": "2022-05-17T00:13:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16856"
    },
    {
      "type": "WEB",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-54395"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102094"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2017-16856 (GCVE-0-2017-16856)

Vulnerability from cvelistv5 – Published: 2017-12-05 16:00 – Updated: 2024-09-16 23:10

Summary

Severity

No CVSS data available.

CWE

Cross Site Scripting (XSS)

Assigner

atlassian

References

2 references

URL	Tags
https://jira.atlassian.com/browse/CONFSERVER-54395	x_refsource_CONFIRM
http://www.securityfocus.com/bid/102094	vdb-entryx_refsource_BID

Impacted products

1 product

Vendor	Product	Version
Atlassian	Confluence	Affected: All versions prior to version 6.5.2

Date Public

2017-12-05 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:35:21.189Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-54395"
          },
          {
            "name": "102094",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102094"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Confluence",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to version 6.5.2"
            }
          ]
        }
      ],
      "datePublic": "2017-12-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross Site Scripting (XSS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-08T10:57:01.000Z",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://jira.atlassian.com/browse/CONFSERVER-54395"
        },
        {
          "name": "102094",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102094"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2017-12-05T00:00:00",
          "ID": "CVE-2017-16856",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Confluence",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions prior to version 6.5.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross Site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/CONFSERVER-54395",
              "refsource": "CONFIRM",
              "url": "https://jira.atlassian.com/browse/CONFSERVER-54395"
            },
            {
              "name": "102094",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102094"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2017-16856",
    "datePublished": "2017-12-05T16:00:00.000Z",
    "dateReserved": "2017-11-16T00:00:00.000Z",
    "dateUpdated": "2024-09-16T23:10:55.644Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-7X5G-HWFP-5CWV

CVE-2017-16856 (GCVE-0-2017-16856)

Tags

Sightings

Nomenclature