Details
-
Public Security Vulnerability
-
Resolution: Fixed
-
Low
-
7.4.0, 7.4.7
-
Severity 3 - Minor
-
4.8
Description
Affected versions of Atlassian Confluence Server and Data Centre allow a remote attacker to inject arbitrary Javascript into the context of the application via a Cross-Site Scripting vulnerability in the `docreatepagetemplate.action` template. This exploit requires an administrator to click on a malicious link.
The affected versions are before version 7.4.0.
Affected versions:
- 7.4.0
Fixed versions:
- 7.4.8, 7.8.0