Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Security

...

alert

We have found a cross-site scripting (XSS) vulnerability that affected blog post content shown on dashboards using the news module. Affected versions are Refined for Confluence 6.1.2 - 6.1.8.

Risk

...

assessment

The cross-site scripting (XSS) vulnerability affected blog post content shown on dashboards using the news module. If the attacker is allowed to create/edit blog posts that are then added to the dashboard news module rotation, a potential script could be triggered. XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence blog post. 

You can read Read more about XSS attacks at http://www.cgisecurity.com/articles/xss-faq.shtml

If you have any questions regarding this matter please contact us at support@refined.com.

Fixed

...

versions

This issue is resolved and released in version : Version 6.1.9 We 9 We strongly recommend you update to this version.