Description
The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Comment Rating Cross-Site Scripting (1.5.3)
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-16862)
WordPress Plugin Themify Portfolio Post Cross-Site Scripting (1.1.5)
WordPress Plugin Media Tagz Gallery Multiple Unspecified Vulnerabilities (1.0)
ReviveAdserver Improper Access Control Vulnerability (CVE-2015-7367)