Description
The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the page excerpt functionality.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2014-2428 Vulnerability (CVE-2014-2428)
WordPress Plugin WPS Cleaner Multiple Cross-Site Request Forgery Vulnerabilities (1.4.4)
WordPress Plugin Contact Form 7 Database Multiple Vulnerabilities (1.1)
WordPress Plugin Events Shortcodes For The Events Calendar Unspecified Vulnerability (1.7.2)