Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Current »

Security Alert

We have found a cross-site scripting (XSS) vulnerability that affected blog post content shown on dashboards using the news module. Affected versions are Refined for Confluence 6.1.2 - 6.1.8.

Risk Assessment

The cross-site scripting (XSS) vulnerability affected blog post content shown on dashboards using the news module. If the attacker is allowed to create/edit blog posts that are then added to the dashboard news module rotation, a potential script could be triggered. XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence blog post. 

Read more about XSS attacks.

If you have any questions regarding this matter please contact us.

Fixed Versions

This issue is resolved and released in version 6.1.9 We strongly recommend you update to this version.

  • No labels