June 26, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Multiple Google Chrome Vulnerabilities
August 23, 2024
Qilin Ransomware Commits Credential Theft from Google Chrome Browsers
August 23, 2024
Multiple Google Chrome Vulnerabilities
August 23, 2024
Qilin Ransomware Commits Credential Theft from Google Chrome Browsers
August 23, 2024
Severity
High
Analysis Summary
CVE-2024-21690
Atlassian Confluence Data Center and Server are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Impact
- Cross-Site Scripting
Indicators of Compromise
CVE
- CVE-2024-21690
Affected Vendors
Atlassian
Affected Products
- Atlassian Confluence Data Center 8.7.1
- Atlassian Confluence Data Center 8.7.2
- Atlassian Confluence Data Center 8.8.0
- Atlassian Confluence Data Center 8.8.1
Remediation
Refer to Atlassian Security Advisory for patch, upgrade or suggested workaround information.