The remote web application is affected by multiple cross-site
According to its self-reported version number, the instance of
Atlassian Confluence on the remote host is a 2.x version that is 2.7
or later, or else version 3.x prior to 3.4.6. It is, therefore,
affected by multiple, cross-site scripting vulnerabilities.
Errors in the validation of input data to certain macros allow
unfiltered data to be returned to a user's browser. The affected
macros are: Code, Attachments, Bookmarks, Global Reports, Recently
Updated, Pagetree, Create Space Button and Documentation Link.
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
See also :
Upgrade to Confluence version 3.4.6 or later, or apply the appropriate
Risk factor :
Low / CVSS Base Score : 3.5
CVSS Temporal Score : 2.9
Public Exploit Available : true