...
We would like to inform our clients about a CSRF (Cross-Site Request Forgery) based XSS (Cross-Site Scripting) vulnerability that has been found in the S/MIME certificate upload functionality of the User Profile pages of S/Notify for Confluence.
You might be affected when
you use S/Notify for Confluence
and you have enabled users to upload their own S/MIME certificates
...
you use S/Notify for Jira or S/Notify for Bitbucket
or you have enabled the PGP key upload and not S/MIME
...
While a user is logged on, a specially crafted certificate can be used to inject malicious content that can be executed within the context of the user’s permissions.
...