CVE-2018-13389

The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml.

Published: Jul 10, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-13389
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.7
AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
atlassian / confluence	-	6.6.1

http://www.securityfocus.com/bid/104755
https://jira.atlassian.com/browse/CONFSERVER-54906

Vulnerability Database

290,020

CVE-2018-13389