Описание
Cross-site Scripting in Jenkins Application Detector Plugin
Jenkins Application Detector Plugin 1.0.8 and earlier does not escape the name of Chois Application Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Пакеты
Наименование
org.jenkins-ci.plugins:app-detector
maven
Затронутые версииВерсия исправления
< 1.0.9
1.0.9
Связанные уязвимости
CVSS3: 5.4
nvd
больше 3 лет назад
Jenkins Application Detector Plugin 1.0.8 and earlier does not escape the name of Chois Application Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.