Security Advisory 2018-05-15

Owned by Johannes Laatu (Deactivated)
Last updated: Jan 25, 2023 by Madzy Soetman
1 min read

Security Alert

We have found a cross-site scripting (XSS) vulnerability in the News Module and News Macro.

Risk Assessment

We have identified and fixed a cross-site scripting (XSS) vulnerability which may affect Confluence Cloud instances with RefinedSpaces installed. This XSS vulnerability potentially allows an attacker to embed their own JavaScript into a blog post title which is then displayed using the News Module and News Macro.

Read more about XSS attacks.

If you have any questions regarding this matter please contact us at support@refinedwiki.com.

Fixed Versions

A fix for this issue is already deployed to production. No action is required from your part.Â