The host is installed with Confluence Server before 7.11.0 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle admin global setting parameters. Successful exploitation allows attackers to inject arbitrary HTML or javascript.