CVE-2020-35121

Name of the Vulnerable Software and Affected Versions Keysight Database Connector plugin versions prior to 1.5.0 for Confluence

Description An issue was discovered in the Keysight Database Connector plugin for Confluence, where a malicious user could insert arbitrary JavaScript into saved macro parameters. This JavaScript would execute when a user viewed a page with that instance of the macro.

Recommendations For versions prior to 1.5.0, update to version 1.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the macro parameters to minimize the risk of exploitation.