CVE-2019-15053
MEDIUM
Atlassian Html Include And Replace Macro < 1.4.2 - XSS
Title source: ruleDescription
The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element.
Exploits (1)
References (2)
Core References
Vendor Advisory x_refsource_misc
https://marketplace.atlassian.com/apps/4885/html-include-and-replace-macro?hosting=server&tab=versions
Exploit, Third Party Advisory x_refsource_misc
https://github.com/l0nax/CVE-2019-15053
Scores
CVSS v3
6.8
EPSS
0.0148
EPSS Percentile
81.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
Details
CWE
CWE-79
Status
published
Products (1)
atlassian/html_include_and_replace_macro
1.1 - 1.4.2
Published
Aug 14, 2019
Tracked Since
Feb 18, 2026