Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

We wish to advise our customers of a cross-site scripting (XSS) vulnerability that affects the UI Button macro and UI Image macro macros. Affected versions are Refined Toolkit for Confluence Server 1.0 - 2.2.5.

...

This issue is resolved and released in version: Version 2.2.7. We strongly recommend you update to this version as soon as possible.


We'd like to thank  Daniel Teuchert and Roman Ferdigg (discovery, analysis, coordination) from the SEC Consult Vulnerability Lab for responsibly reporting the identified issue and working with us as we addressed it.