A security vulnerability in Community Forums for Confluence has been discovered. The vulnerability is classified as high according to Atlassian's security severity levels and only affects Forums menu. We strongly recommend customers or later of Community Forums as soon as possible.
About the vulnerability
The vulnerability affects the Forums Menu on all versions after Community Forums for Confluence after version 2.4. The vulnerability allows a malicious user to inject a persistent cross-site scripting attack on the Forums menu. We have not detected any instances of this vulnerability being exploited across our entire customer base.
How to fix the vulnerability
If you are unable to upgrade at this time we recommend you disable the Forums menu in the Community Forums for Confluence section of the Confluence Administrator menu.
For more information on how to do this please visit our documentation.
If you have urgent questions please contact our support team.