...
We have identified and fixed a cross-site scripting (XSS) vulnerability which may affect Confluence Cloud instances with RefinedSpaces installed. This XSS vulnerability potentially allows an attacker to embed their own JavaScript into a blog post title which is then displayed using the News Module and News Macro.
You can read Read more about XSS attacks at http://www.cgisecurity.com/articles/xss-faq.shtml
If you have any questions regarding this matter please contact us at support@refinedwiki.com.
...