CVE-2015-8398

Name of the Vulnerable Software and Affected Versions Atlassian Confluence versions prior to 5.8.17

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the PATH INFO to the "rest/prototype/1/session/check" API endpoint.

Recommendations For versions prior to 5.8.17, update to version 5.8.17 or later to resolve the issue.