Headline
CVE-2020-29444: [CONFSERVER-61266] Persistent XSS through Team Calendar in Confluence Server - CVE-2020-29444
Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters.
Affected versions of Team Calendar in Confluence Server allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting vulnerability in admin global setting parameters.
Affected versions:
- < 7.11.0
Fixed version:
- 7.11.0
This vulnerability is attributed to Stefano Castilletti, a security researcher from Apple.