VDB

CVE-2024-21686

CVE-2024-21686 PUBLISHED CVSS 7.300000190734863 HIGH

This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. This Stored XSS vulnerability, with a CVSS Score of 7.3, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to confidentiality, high impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:   \n h2. Data Center Atlassian recommends that Confluence Data Center customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions: |Affected versions|Fixed versions| |8.9.0|8.9.1| |from 8.8.0 to 8.8.1|8.9.1| |from 8.7.0 to 8.7.2|8.9.1| |from 8.6.0 to 8.6.2|8.9.1| |from 8.5.0 to 8.5.8 LTS|8.9.1 or 8.5.9 LTS recommended| |from 8.4.0 to 8.4.5|8.9.1 or 8.5.9 LTS recommended| |from 8.3.0 to 8.3.4|8.9.1 or 8.5.9 LTS recommended| |from 8.2.0 to 8.2.3|8.9.1 or 8.5.9 LTS recommended| |from 8.1.0 to 8.1.4|8.9.1 or 8.5.9 LTS recommended| |from 8.0.0 to 8.0.4|8.9.1 or 8.5.9 LTS recommended| |from 7.20.0 to 7.20.3|8.9.1 or 8.5.9 LTS recommended| |from 7.19.0 to 7.19.21 LTS|8.9.1 or 8.5.9 LTS recommended or 7.19.22 LTS| |from 7.18.0 to 7.18.3|8.9.1 or 8.5.9 LTS recommended or 7.19.22 LTS| |from 7.17.0 to 7.17.5|8.9.1 or 8.5.9 LTS recommended or 7.19.22 LTS| |Any earlier versions|8.9.1 or 8.5.9 LTS recommended or 7.19.22 LTS|   \n h2. Server Atlassian recommends that Confluence Server customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions: |Affected versions|Fixed versions| |from 8.5.0 to 8.5.8 LTS|8.5.9 LTS recommended| |from 8.4.0 to 8.4.5|8.5.9 LTS recommended| |from 8.3.0 to 8.3.4|8.5.9 LTS recommended| |from 8.2.0 to 8.2.3|8.5.9 LTS recommended| |from 8.1.0 to 8.1.4|8.5.9 LTS recommended| |from 8.0.0 to 8.0.4|8.5.9 LTS recommended| |from 7.20.0 to 7.20.3|8.5.9 LTS recommended| |from 7.19.0 to 7.19.21 LTS|8.5.9 LTS recommended or 7.19.22 LTS| |from 7.18.0 to 7.18.3|8.5.9 LTS recommended or 7.19.22 LTS| |from 7.17.0 to 7.17.5|8.5.9 LTS recommended or 7.19.22 LTS| |Any earlier versions|8.5.9 LTS recommended or 7.19.22 LTS|   See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives). This vulnerability was reported via our Bug Bounty program.

EPSS 2.57% · 85.8th percentile

Risk Scores

CVSS 3.0
7.300000190734863
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
EPSS Score
2.57%
85.8th percentile

Affected Products

VendorProductVersions
AtlassianConfluence Server
AtlassianConfluence Data Center

Timeline

  • Jul 16, 2024 CVE Published
  • Jul 17, 2024 EPSS Score
  • Aug 8, 2024 EPSS Score
  • Aug 30, 2024 EPSS Score
  • Oct 12, 2024 EPSS Score
  • Nov 3, 2024 EPSS Score
  • Nov 25, 2024 EPSS Score
  • Dec 17, 2024 EPSS Score
  • Jan 8, 2025 EPSS Score
  • Jan 30, 2025 EPSS Score
  • Mar 14, 2025 EPSS Score
  • Mar 19, 2025 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›