Security alert

We have found a cross-site scripting (XSS) vulnerability that affected blog post content shown on dashboards using the news module. Affected versions are Refined for Confluence 6.1.2 - 6.1.8.

Risk assessment

The cross-site scripting (XSS) vulnerability affected blog post content shown on dashboards using the news module. If an attacker is allowed to create or edit blog posts that are then added to the dashboard news module rotation, a script embedded in such a post could be triggered. XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence blog post.

...

If you have any questions regarding this matter please contact us.

Fixed versions

This issue is resolved in version 6.1.9, which has been released. We strongly recommend that you update to this version.