Security Advisory 2019-10-17

Security Alert

We have found a cross-site scripting (XSS) vulnerability that affected blog post content shown on space home using the news module with the content feed list mode.

Risk Assessment

The cross-site scripting (XSS) vulnerability affected blog post content shown on space homes using the news module with the content feed list mode. If the attacker is allowed to create/edit blog posts that are then added to the dashboard news module rotation, a potential script could be triggered. XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence blog post. 

Read more about XSS attacks.

If you have any questions regarding this matter please contact us at support@refined.com.

Fixed Versions

A fix for this issue is already deployed to production. No action is required from your part.