The “HTML Include and replace macro” plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element.
CPE | Name | Operator | Version |
---|---|---|---|
html_include_and_replace_macro | ge | 1.1 | |
html_include_and_replace_macro | le | 1.4.2 |