We have identified and fixed a vulnerability that results from the way Confluence uses third-party XML parsers. This vulnerability allows an attacker to:
The attacker does not need to have an account with the affected Confluence instance.
All versions of Confluence up to and including 4.1.9 are affected.
Full details of the severity, risks and vulnerability can be found in the [Confluence Security Advisory 2012-05-17|http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17].