Veit Hailperin

Name of the Vulnerable Software and Affected Versions: Atlassian Confluence Server versions prior to 6.3.4 Description: The issue allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro in the usermacros resource. Recommendations: For versions prior to 6.3.4, update to version 6.3.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv Dell SonicWALL Secure Remote Access (SRA) products with firmware 8.x before 8.0.0.1-16sv **Description** A cross-site request forgery (CSRF) issue exists in the user portal of the affected products, allowing remote attackers to hijack user authentication for requests that create bookmarks via a crafted request to "cgi-bin/editBookmark". **Recommendations** For firmware versions before 7.5.1.0-38sv, update to version 7.5.1.0-38sv or later. For firmware versions 8.x before 8.0.0.1-16sv, update to version 8.0.0.1-16sv or later.