The host is installed with Atlassian Confluence Server before 7.4.2 or 7.5.x before 7.5.2 and is prone to a cross-site scripting vulnerability. A flaw is present in the application which fails to properly handle the usage of user macro parameters. Successful exploitation allows remote attackers to inject arbitrary HTML or JavaScript.