Security advisory 2019-10-16

Security alert

We have found a cross-site scripting (XSS) vulnerability that affected blog post content shown on dashboards using the news module. Affected versions are Refined for Confluence 6.1.2 - 6.1.8.

Risk assessment

The cross-site scripting (XSS) vulnerability affected blog post content shown on dashboards using the news module. If an attacker is allowed to create or edit blog posts that are then added to the dashboard news module rotation, a script embedded in a post could be triggered. XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence blog post.

Read more about XSS attacks.

If you have any questions regarding this matter, please contact us.

Fixed versions

This issue is resolved in version 6.1.9, which has been released. We strongly recommend you update to this version.