Description
The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme.
Remediation
References
Related Vulnerabilities
WordPress Plugin Chat-Support Board-WordPress Chat Multiple SQL Injection Vulnerabilities (3.3.3)
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-3455)
WordPress Plugin Loco Translate PHP Code Injection (2.5.3)
WordPress 4.0.x Cross-Domain Flash Injection Vulnerability (4.0 - 4.0.21)