CVE-2019-15233

Sažetak

The Live:Text Box macro in the Old Street Live Input Macros app before 2.11 for Confluence has XSS, leading to theft of the Administrator Session Cookie.

Reference

https://github.com/l0nax/CVE-2019-15233
https://marketplace.atlassian.com/apps/1215287/live-input-macros?hosting=server&tab=versions

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

07-04-2020 - 16:24

Objavljeno

20-08-2019 - 14:15