We wish to advise our customers of a cross-site scripting (XSS) vulnerability that affects the UI Button and UI Image macros. Affected versions are Refined Toolkit for Confluence Server 1.0 - 2.2.5.

Risk Assessment

The vulnerability allows an attacker to inject scripts that are run when the button is clicked. The attacker needs to have permission to add or edit Confluence pages or blog posts in order to exploit the vulnerability.

If you have any questions regarding this matter, please contact us at support@refined.com.

Fixed Versions

This issue is resolved in version 2.2.7. We strongly recommend you update to this version as soon as possible.


We'd like to thank Daniel Teuchert and Roman Ferdigg (discovery, analysis, coordination) from the SEC Consult Vulnerability Lab for responsibly reporting the identified issue and working with us as we addressed it.
