
    • 6.5

      The following i18n calls are passed unsafe variables. This means that while a vulnerability is not currently present in the English version, it is possible that vulnerabilities could exist in translations produced by well-meaning parties.

      Additionally, seemingly safe changes to these i18n keys could introduce vulnerabilities which would not be picked up again by our scanner.

      Unsafe i18n calls:

      confluence-core/confluence-webapp/src/main/webapp/pages/removecomment.vm:

      $action.getText("title.remove.comment", [$action.getPage().getTitle()])

      confluence-core/confluence-webapp/src/main/webapp/template/includes/page-move-templates.vm:

      $i18n.getText("move.page.dialog.location.description", [$page.title])
      $i18n.getText('tip.edit.movepage.search', [$page.title])

      These variables are currently unused in the English translations, and so could be removed. Alternatively, they could be escaped by replacing the lines with the following (respectively):

      confluence-core/confluence-webapp/src/main/webapp/pages/removecomment.vm:

      $action.getText("title.remove.comment", ["$action.getPage().getTitle()"])

      confluence-core/confluence-webapp/src/main/webapp/template/includes/page-move-templates.vm:

      $i18n.getText("move.page.dialog.location.description", ["$page.title"])
      $i18n.getText('tip.edit.movepage.search', ["$page.title"])
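      As an added example (not from this issue or from Confluence's own code), a small Python check in the spirit of the scanner mentioned above: it flags getText calls whose argument list contains a bare Velocity reference instead of the quoted, escaped form. The regexes, helper names and sample template text are constructed here and are assumptions, not Atlassian tooling.

```python
import re

# $action.getText(...) / $i18n.getText(...) with a key and an argument list.
I18N_CALL = re.compile(
    r"\$(?:action|i18n)\.getText\(\s*(['\"])(?P<key>[^'\"]+)\1\s*,\s*\[(?P<args>[^\]]*)\]\s*\)"
)
# A bare Velocity reference ($page.title, $action.getPage().getTitle()).
# The quoted form "$page.title" that the issue recommends does not match.
BARE_REF = re.compile(r"^\$[A-Za-z_][\w.()]*$")

def split_top_level(arg_list):
    """Split on commas that sit outside quotes and parentheses."""
    parts, buf, depth, quote = [], [], 0, None
    for ch in arg_list:
        if quote:
            quote = None if ch == quote else quote
        elif ch in "'\"":
            quote = ch
        elif ch in "()":
            depth += 1 if ch == "(" else -1
        elif ch == "," and depth == 0:
            parts.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]

def find_unsafe_i18n_calls(vm_source):
    """Return (line_no, key, arg) for every getText argument that is an unquoted reference."""
    findings = []
    for line_no, line in enumerate(vm_source.splitlines(), 1):
        for call in I18N_CALL.finditer(line):
            for arg in split_top_level(call.group("args")):
                if BARE_REF.match(arg):
                    findings.append((line_no, call.group("key"), arg))
    return findings

# Constructed sample: the three calls from the issue as reported, then as fixed.
VULNERABLE_VM = """\
$action.getText("title.remove.comment", [$action.getPage().getTitle()])
$i18n.getText("move.page.dialog.location.description", [$page.title])
$i18n.getText('tip.edit.movepage.search', [$page.title])
"""
FIXED_VM = """\
$action.getText("title.remove.comment", ["$action.getPage().getTitle()"])
$i18n.getText("move.page.dialog.location.description", ["$page.title"])
$i18n.getText('tip.edit.movepage.search', ["$page.title"])
"""
```

      Running find_unsafe_i18n_calls over a checkout's .vm files reports the three calls above for the original lines and nothing for the quoted replacements; it only covers single-line calls with a literal key and a bracketed argument list.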

              Assignee: Xavier Sanchez (Inactive)
              Reporter: Karla Burnett [Atlassian]
              Votes: 0
              Watchers: 3