From 2020-11-25 to 2020-12-02, we released multiple versions of External Share for Cloud and Server (2.4.0).
They contain numerous security patches:
External Share for Confluence (Server)
XSS via attachment name on external page
XSS in view links form via user full name
XSS via attached SVG
XSS via attached HTML
Reflected XSS via redirect param on password page
Unvalidated Redirect on password page
XSS via space name in global share list
SQL Injection - GET /share (sort / sort order)
External Share for Confluence (Cloud)
XSS via attachment name on external page
XSS in view links form via user full name
Reflected XSS via redirect param on password page
Unvalidated Redirect on password page
XSS via space name in global share list
SQL Injection - GET /share (sort / sort order)