-
Type:
Public Security Vulnerability
-
Resolution: Fixed
-
Priority:
Low
-
Affects Version/s: 7.4.0, 7.4.7
-
Component/s: Content - Blueprints / Templates
-
Severity 3 - Minor
-
4.8
Affected versions of Atlassian Confluence Server and Data Centre allow a remote attacker to inject arbitrary Javascript into the context of the application via a Cross-Site Scripting vulnerability in the `docreatepagetemplate.action` template. This exploit requires an administrator to click on a malicious link.
The affected versions are before version 7.4.0.
Affected versions:
- 7.4.0
Fixed versions:
- 7.4.8, 7.8.0