CVE-2017-18085

Name of the Vulnerable Software and Affected Versions: Atlassian Confluence Server versions prior to 6.6.1

Description: The issue allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. This is achieved through the key parameter in the viewdefaultdecorator resource.

Recommendations: For versions prior to 6.6.1, update to version 6.6.1 or later to resolve the issue.