Synopsis
The remote Confluence server is affected by a reflected static content injection vulnerability.
Description
Versions of Confluence prior to 5.7 contain a flaw in 'plugins/recently-updated/changes.action': input passed via the 'theme' parameter is not properly sanitized. This may allow a remote attacker to reflect arbitrary static content to the browser.
Solution
Upgrade to Confluence version 5.7 or later.
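
The following is an added example, not part of the advisory and not Atlassian code: it checks a version string against the 5.7 fix and lists access-log requests to the affected path that carry a 'theme' parameter, so the decoded values can be reviewed. The Apache combined log format, the sample lines, the /wiki context path and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/plugins/recently-updated/changes.action"  # path named in the advisory
FIXED = (5, 7)                                         # first fixed release per the advisory

# Constructed sample lines; Apache combined log format is an assumption.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2015:10:01:02 +0000] "GET /plugins/recently-updated/changes.action?theme=sample-one HTTP/1.1" 200 512
203.0.113.9 - - [10/Mar/2015:10:02:40 +0000] "GET /wiki/plugins/recently-updated/changes.action?other=1&theme=sample%2Ftwo HTTP/1.1" 200 734
198.51.100.7 - - [10/Mar/2015:10:03:11 +0000] "GET /dashboard.action?theme=ignored HTTP/1.1" 200 9001
198.51.100.7 - - [10/Mar/2015:10:04:00 +0000] "GET /plugins/recently-updated/changes.action HTTP/1.1" 200 400
"""

REQUEST = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3})')


def is_affected(version):
    """True when a dotted Confluence version string is older than 5.7."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:2]]
    parts += [0] * (2 - len(parts))
    return tuple(parts) < FIXED


def theme_requests(log_text):
    """List (client, timestamp, status, decoded theme) for hits on ENDPOINT."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, when, target, status = m.groups()
        url = urlsplit(target)
        # endswith() tolerates a servlet context path such as /wiki.
        if not url.path.endswith(ENDPOINT):
            continue
        # parse_qs percent-decodes, so encoded values are shown as received.
        for value in parse_qs(url.query, keep_blank_values=True).get("theme", []):
            hits.append((client, when, int(status), value))
    return hits


if __name__ == "__main__":
    print("5.6.6 affected:", is_affected("5.6.6"))
    for hit in theme_requests(SAMPLE_LOG):
        print(hit)
```

Parameters sent in a request body do not appear in access logs, so an empty result covers only values passed in the query string.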