...
We would like to inform our clients about a CSRF (Cross Site Request Forgery) based XSS (Cross Site Scripting) vulnerability that has been found in the S/MIME certificate upload functionality in of the User Profile pages of S/Notify for Confluence.
You might would be affected when
you use S/Notify for Confluence
and you have enabled that users can upload their own S/MIME certificates
For further clarification, you are not affected when
you use S/notify Notify for Jira or S/Notify for Bitbucket
or you have enabled the PGP key upload and not S/MIME
...
While a user is logged on, a specially specifically crafted certificate can be used to inject malicious content that can be executed within the context of the user’s permissions.
...
The severity of this vulnerability is considered moderate according to Bugcrowd’s Vulnerability Rating Taxonomy and has been assigned a CVSS 6.5 1 (medium) rating in the Common Vulnerability Scoring System.
This vulnerability has been found in a penetration test by a security researcher. We have no reports about it being actively exploited.
...