Uploaded image for project: 'Forms for Confluence - Development'
  1. Forms for Confluence - Development
  2. FORMS-523

Forms - 2019/11 Vulnerability & Patch (Public)

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Done
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: All
    • Fix Version/s: 8.1.1
    • Labels:
      None

      Description

      Description

      An internal investigation has discovered vulnerabilities in Forms for Confluence.  The Forms Macros, 'Destination List' & 'Administration page' were found to be vulnerable to persistent cross site scripting (XSS). The vulnerability allows a malicious user with Confluence edit or comment permissions for Confluence to inject Javascript into Forms Macros.

      This vulnerability has been rated as high, in line with Atlassian's Severity Levels for Security Issues

      Based on our investigations, we have not found any instances of this vulnerability being exploited.

      Recommendations

      We recommend upgrading to Content Formatting version 8.1.1 or higher, as soon as possible.

       

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              dlindsay Dylan Lindsay
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: