Security alert

We have found a cross-site scripting (XSS) vulnerability in the global menu feature. Affected versions are RefinedTheme for Confluence 3.0.0 - 5.1.18.

Risk assessment

We have identified and fixed a cross-site scripting (XSS) vulnerability which may affect Confluence instances, including publicly available instances (that is, internet-facing servers). This XSS vulnerability potentially allows an attacker to embed their own JavaScript into a global menu item which is rendered on all pages. The attacker needs to have Confluence Admin permissions to be able to insert a link with malicious JavaScript code into a global menu item.

You can read more about XSS attacks at http://www.cgisecurity.com/articles/xss-faq.shtml

If you have any questions regarding this matter please contact us at support@refinedwiki.com.

Fixed versions

This issue is resolved in versions 5.1.19 and 6.0.0. We strongly recommend you update to one of these versions.