Atlassian Confluence Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2020-14175

Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. The affected versions are before version 7.4.2 and from version 7.5.0 before 7.5.2.