2 matches found
CVE-2014-8658
Cross-site scripting XSS vulnerability in RefinedWiki Original Theme 3.x before 3.5.13 and 4.x before 4.0.12 for Confluence allows remote authenticated users with permissions to create or edit content to inject arbitrary web script or HTML via the versionComment parameter to pages/doeditpage.acti...
CVE-2014-8658
RefinedWiki Original Theme for Confluence (3.x before 3.5.13 and 4.x before 4.0.12) has an XSS flaw. Untrusted Input via versionComment enables arbitrary script/HTML for remote authenticated editors. Root cause: insufficient sanitization of versionComment in pages/doeditpage.action. Impact: poten...