Atlassian Confluence Server < 5.7 Reflected Static Content Injection
Medium Nessus Network Monitor Plugin ID 9642
The remote Confluence server is affected by a reflected static content injection vulnerability.
Versions of Confluence prior to 5.7 contain a flaw that exists in 'plugins/recently-updated/changes.action' that is triggered as input passed via the 'theme' parameter is not properly sanitized. This may allow a remote attacker to reflect arbitrary static content to the browser.