For more info please read the 4.0 release notes. 

XSS vulnerability resolved 

A cross-site scripting (XSS) vulnerability in the activity stream has been identified and resolved. Affected versions are RefinedWiki Original Theme 3.x - 4.0.x. We recommend that you upgrade to this version, 4.0.12. Fixes are also included in version 3.5.13 and version 4.1.

Our thanks to Manuel Hofer (SEC Consult Vulnerability Lab) who reported the XSS vulnerability.

Risk Assessment

The cross-site scripting (XSS) vulnerability affects Confluence instances, including publicly available instances (that is, internet-facing servers), if the attacker is allowed to edit pages. XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence page. You can read more about XSS attacks at (

