-
Type:
Bug
-
Resolution: Fixed
-
Priority:
Low
-
Affects Version/s: 5.0.1, 7.2.1
-
Component/s: Macros - Other Macros
-
Severity 3 - Minor
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters.
This vulnerability was discovered by Colin Xu.
Affected versions:
- version < 7.4.2
- 7.5.0 ≤ version < 7.5.2
Fixed versions:
- 7.4.2
- 7.5.2
- 7.6.0