Description

Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. The affected versions are before version 7.4.5, and from version 7.5.0 before 7.5.1.

Remediation

References

CVE-2020-4027

Related Vulnerabilities

Liferay Portal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-10795)

WordPress Plugin Contact Form for WordPress-Ultimate Form Builder Lite Cross-Site Scripting (1.3.3)

concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3111)

WordPress Plugin Click to Call or Chat Buttons Cross-Site Scripting (1.4.0)

OpenSSL Other Vulnerability (CVE-2004-0079)

Severity

Medium

Classification

CVE-2020-4027 CWE-138 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities