Multiple Confluence plugins vulnerable to XSS exploits

guest · Oct 12, 2020

Multiple Confluence plugins vulnerable to XSS exploits
Update ASAP if you use PlantUML, Refined, Linking, Countdown Timer, or Server Status extensions
October 12, 2020
https://portswigger.net/daily-swig/multiple-confluence-plugins-vulnerable-to-xss-exploits

Stored cross-site scripting (XSS) vulnerabilities unearthed in a raft of Confluence plugins allow attackers to inject malicious JavaScript code into pages used within the corporate collaboration platform.

Organizations that use the five Confluence plugins in question – PlantUML, Refined, Linking, Countdown Timer, and Server Status – have been urged to update their systems with newly released versions.
Security researchers from SEC Consult have also advised organizations to perform “an in-depth security analysis” since “the plugins may be affected [by] further security issues”, according to a security advisory published by the cybersecurity consultancy.

“Companies using Confluence Plugins should be aware that insecure plugins can pose a threat to the Confluence security mechanisms,” said Ferdigg and Teuchert. “Therefore it is important to take security into account when selecting Confluence plugins.”
SEC Consult’s advisory includes proof-of-concepts for each vulnerability.
Click to expand...

Log in or Sign up

Multiple Confluence plugins vulnerable to XSS exploits

guest Guest

Log in or Sign up

Multiple Confluence plugins vulnerable to XSS exploits

guest Guest

Useful Searches