We were recently made aware of a security vulnerability in the Content Formatting Macros for Confluence plugin.
The security vulnerability affects all releases up to and including version 6.3.4
About the vulnerability
The vulnerability was discovered within the LaTex Macro which allowed code to be executed after page rendering, thereby exposing user instances to cross-site scripting attacks. Subsequent investigations found that the Restful Table macro was also vulnerable to the same type of attack.
This vulnerability has been rated as Critical according to Atlassian's Security Ranking Scale and was identified as part of an internal security audit of our source code. Once we became aware of the issue, the flaw was fixed immediately.
How to fix the vulnerability
In order to fix the vulnerability users must upgrade to Content Formatting Macro for Confluence version 6.3.5