Patrick Schlüter

Researcher from SySS GmbH
#18755 of 53,633
14.3 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2023-14539
5.4
2023-04-17
Unknown · Touchdown Timesheet Tracking Component For Jira · CVE-2022-44726
**Name of the Vulnerable Software and Affected Versions** TouchDown Timesheet tracking component for Jira version 4.1.4

**Description** The issue allows for XSS in the calendar view.

**Recommendations** Version 4.1.4 allows XSS attacks in the calendar view; update to a version that fixes the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-27285
8.9
2022-11-04
Stiltsoft · Stiltsoft Handy Macros For Confluence Server/Data Center · CVE-2022-44724
**Name of the Vulnerable Software and Affected Versions** Stiltsoft Handy Macros for Confluence Server/Data Center versions 3.x through 3.5.4

**Description** The issue allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Handy Tip macro. This can be exploited by attackers to inject malicious code.

**Recommendations** For versions 3.x through 3.5.4, update to version 3.5.5 or later to resolve the issue. As a temporary workaround, consider disabling the Handy Tip macro until a patch is available. Restrict access to the macro to minimize the risk of exploitation.