Описание
Jenkins Mashup Portlets Plugin vulnerable to stored cross-site scripting
Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission.
Пакеты
Наименование
javagh.jenkins:mashup-portlets-plugin
maven
Затронутые версииВерсия исправления
<= 1.1.2
Отсутствует
Связанные уязвимости
CVSS3: 5.4
nvd
почти 3 года назад
Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission.