We wish to advise our customers of a cross-site scripting (XSS) vulnerability that affects the UI Button macro and macro and UI Image macro macrosmacro macros. Affected versions are Refined Toolkit for Confluence Server 1.0 - 2.2.5.
...
If you have any questions regarding this matter please contact us at support@refined.com.
Fixed Versions
This issue is resolved and released in version : Version 2.2.7. We strongly recommend you update to this version as soon as possible.
We'd like to thank Daniel Teuchert and Roman Ferdigg (discovery, analysis, coordination) from the SEC Consult Vulnerability Lab for responsibly reporting the identified issue and working with us as we addressed it.