CVE-2015-8399

MEDIUM NUCLEI

Atlassian Confluence <5.8.17 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-8399. PoCs published by Sebastian Perez. A Nuclei detection template is also available.

AI-analyzed exploit summary: The document describes two vulnerabilities in Atlassian Confluence: a reflected XSS (CVE-2015-8398) and an Insecure Direct Object Reference (CVE-2015-8399). It includes PoC URLs for both vulnerabilities but does not contain executable exploit code.

Description

Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.

Exploits (1)

exploitdb WRITEUP
by Sebastian Perez · text · webapps · xml
https://www.exploit-db.com/exploits/39170

Classification: Writeup 100%
Attack Type: XSS | Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Atlassian Confluence 5.2 / 5.8.14 / 5.8.15 / 5.9.1
No auth needed
Prerequisites: Network access to the target Confluence server
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Atlassian Confluence <5.8.17 - Information Disclosure
MEDIUM · by princechaddha
Shodan: http.component:"Atlassian Confluence" || cpe:"cpe:2.3:a:atlassian:confluence" || http.component:"atlassian confluence"

References (2)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/537232/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39170/

Scores

CVSS v3 4.3
EPSS 0.6111
EPSS Percentile 99.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE CWE-200
Status published
Products (1)
atlassian/confluence < 5.8.16
Published Apr 11, 2016
Tracked Since Feb 18, 2026