Stefano Castilletti

Name of the Vulnerable Software and Affected Versions: Confluence Server versions prior to 7.11.0 Description: The issue allows attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting vulnerability in admin global setting parameters. Recommendations: For versions prior to 7.11.0, update to version 7.11.0 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Confluence Server versions prior to 7.4.8 Confluence Server versions 7.5.0 through 7.10.9 Description: The issue allows attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters. Recommendations: For Confluence Server versions prior to 7.4.8, update to version 7.4.8 or later. For Confluence Server versions 7.5.0 through 7.10.9, update to version 7.11.0 or later.