CVE-2020-36523: 
PlantUML vulnerability analysis and mitigation

A vulnerability was found in PlantUML 6.43 affecting the Database Information Macro component. The vulnerability allows attackers to perform cross-site scripting (XSS) attacks through manipulation of the component. The issue was discovered on August 12, 2020 and was fixed in version 6.44 (SEC Consult).

The vulnerability exists in the Database Information macro component where an attacker can inject JavaScript code through the 'datasources' parameter. When a user visits a page containing the maliciously crafted macro, the injected JavaScript code gets executed in the user's browser context (SEC Consult). The vulnerability has been rated as having a medium impact with a CVSS score of 3.5 (CISA).

The successful exploitation of this vulnerability allows attackers to inject and execute arbitrary JavaScript code in the context of other users' browsers when they visit the affected Confluence page. This could potentially lead to session hijacking, data theft, or other malicious actions performed in the context of the victim's browser session (SEC Consult).

The vulnerability has been fixed in PlantUML version 6.44. Users are strongly advised to upgrade to this version or later to address the security issue. The fix is available through the Atlassian Marketplace (SEC Consult).