Vulnerability: Atlassian Jira Confluence - Cross-Site Scripting

Atlassian Jira Confluence before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4, and from version 7.9.0 before version 7.9.2, allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the error message of custom fields when an invalid value is specified.

Impact

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user’s browser, potentially leading to session hijacking, data theft, or other malicious activities.

Severity

medium

Verified

Unknown