For more info please read the 4.0 release notes. 

XSS vulnerability resolved 

A cross-site scripting (XSS) vulnerability in the activity stream has been identified and resolved. Affected versions are RefinedWiki Original Theme 3.x - 4.0.x. We recommend that you upgrade to this version, 4.0.12. Fixes are also included in version 3.5.13 and version 4.1.

Our thanks to Manuel Hofer (SEC Consult Vulnerability Lab) who reported the XSS vulnerability.


Risk Assessment

The cross-site scripting (XSS) vulnerability affects Confluence instances, including publicly available instances (that is, internet-facing servers), if the attacker is allowed to edit pages. XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence page. You can read more about XSS attacks at cgisecurity.com (http://www.cgisecurity.com/articles/xss-faq.shtml).

 
