CVE-2019-15233

MEDIUM

Old Street Live Input Macros < 2.11 - Stored Cross-Site Scripting via Live:Text Box Macro

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-15233. PoCs published by l0nax.

AI-analyzed exploit summary This repository contains a functional proof-of-concept for CVE-2019-15233, a stored XSS vulnerability in Live Input Macros for Confluence. The exploit involves injecting malicious JavaScript via a crafted input element, which executes when a victim accesses the page, potentially leading to session hijacking.

Description

The Live:Text Box macro in the Old Street Live Input Macros app before 2.11 for Confluence has XSS, leading to theft of the Administrator Session Cookie.

Exploits (1)

nomisec WORKING POC
by l0nax · poc
https://github.com/l0nax/CVE-2019-15233

This repository contains a functional proof-of-concept for CVE-2019-15233, a stored XSS vulnerability in Live Input Macros for Confluence. The exploit involves injecting malicious JavaScript via a crafted input element, which executes when a victim accesses the page, potentially leading to session hijacking.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Live Input Macros for Confluence (versions 2.10 and before)
Auth required
Prerequisites: Access to create or edit a Confluence page with Live Input Macros · Victim must access the malicious page
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/l0nax/CVE-2019-15233

Scores

CVSS v3 6.1
EPSS 0.0118
EPSS Percentile 63.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
oldstreetsolutions/live_input_macros < 2.11
Published Aug 20, 2019
Tracked Since Feb 18, 2026