CVE-2016-6283

MEDIUM

Atlassian Confluence < 5.10.5 - Cross-Site Scripting via newFileName Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-6283. PoCs published by Jodson Santos.

AI-analyzed exploit summary This is a detailed writeup describing a persisted Cross-Site Scripting (XSS) vulnerability in Atlassian Confluence version 5.9.12. The vulnerability allows an attacker to inject malicious JavaScript code by editing the file name property of an attached file, which executes when a search is performed.

Description

Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Jodson Santos · textwebappsjsp
https://www.exploit-db.com/exploits/40989

This is a detailed writeup describing a persisted Cross-Site Scripting (XSS) vulnerability in Atlassian Confluence version 5.9.12. The vulnerability allows an attacker to inject malicious JavaScript code by editing the file name property of an attached file, which executes when a search is performed.

Classification
Writeup 100%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target: Atlassian Confluence 5.9.12
Auth required
Prerequisites: Access to a page with an attached file · Ability to edit the file name property
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/95288
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2017/Jan/12
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2017/Jan/3
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/40989/

Scores

CVSS v3 6.1
EPSS 0.0383
EPSS Percentile 88.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
atlassian/confluence < 5.10.5
Published Jan 18, 2017
Tracked Since Feb 18, 2026