CVE-2019-15053

CVE-2019-15053

EPSS 1.3%

The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/l0nax/CVE-2019-15053 https://marketplace.atlassian.com/apps/4885/html-include-and-replace-macro?hosting=server&tab=versions