Details
-
Bug
-
Resolution: Fixed
-
Low
-
5.0.1, 7.2.1
-
Severity 3 - Minor
-
Description
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters.
This vulnerability was discovered by Colin Xu.
Affected versions:
- version < 7.4.2
- 7.5.0 ≤ version < 7.5.2
Fixed versions:
- 7.4.2
- 7.5.2
- 7.6.0