Sven Schlüter

**Name of the Vulnerable Software and Affected Versions** Teamlead Reminder plugin for Jira versions through 2.6.5 **Description** The issue allows for persistent XSS via the `message` parameter. This can lead to malicious scripts being executed on the client-side, potentially compromising user data or taking control of user sessions. **Recommendations** For versions through 2.6.5, consider disabling the plugin until a patch is available to prevent exploitation. Restrict access to the plugin's functionality to minimize the risk of XSS attacks. Avoid using the `message` parameter in the affected plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MoroSystems EasyMind - Mind Maps plugin versions prior to 2.15.0 for Confluence **Description** The issue allows persistent XSS when saving a Mind Map with the `hyperlink` parameter. This can lead to the execution of malicious scripts within the application. **Recommendations** For MoroSystems EasyMind - Mind Maps plugin versions prior to 2.15.0, update to version 2.15.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the hyperlink parameter when saving Mind Maps until a patch is available.