CVE-2019-15233

MEDIUM

Oldstreetsolutions Live Input Macros < 2.11 - XSS

Title source: rule

Description

The Live:Text Box macro in the Old Street Live Input Macros app before 2.11 for Confluence has XSS, leading to theft of the Administrator Session Cookie.

Exploits (1)

nomisec WORKING POC

by l0nax · poc

https://github.com/l0nax/CVE-2019-15233

View Code ZIP pw:eip

References (2)

Core 2

Core References

Product, Third Party Advisory x_refsource_misc

https://marketplace.atlassian.com/apps/1215287/live-input-macros?hosting=server&tab=versions

Exploit, Third Party Advisory x_refsource_misc

https://github.com/l0nax/CVE-2019-15233

Scores

CVSS v3 6.1

EPSS 0.0104

EPSS Percentile 77.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

oldstreetsolutions/live_input_macros < 2.11

Published Aug 20, 2019

Tracked Since Feb 18, 2026