Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters.

This vulnerability was discovered by Colin Xu.

Affected versions:

• version < 7.4.2
• 7.5.0 ≤ version < 7.5.2

Fixed versions:

• 7.4.2
• 7.5.2
• 7.6.0