Описание
Stored XSS vulnerability in Jenkins Scriptler Plugin
Jenkins Scriptler Plugin 3.1 and earlier does not escape script content.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.
Jenkins Scriptler Plugin 3.2 escapes script content.
Пакеты
Наименование
org.jenkins-ci.plugins:scriptler
maven
Затронутые версииВерсия исправления
< 3.2
3.2
Связанные уязвимости
CVSS3: 5.4
nvd
больше 4 лет назад
Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.