Security Alert
We have found a cross-site scripting (XSS) vulnerability in the News Module and News Macro.
Risk Assessment
We have identified and fixed a cross-site scripting (XSS) vulnerability which may affect Confluence Cloud instances with RefinedSpaces installed. This XSS vulnerability potentially allows an attacker to embed their own JavaScript into a blog post title which is then displayed using the News Module and News Macro.
You can read more about XSS attacks at http://www.cgisecurity.com/articles/xss-faq.shtml
If you have any questions regarding this matter please contact us at support@refinedwiki.com.
Fixed Versions
A fix for this issue is already deployed to production. No action is required from your part.