Описание
Cross-site Scripting in Jenkins SiteMonitor Plugin
Jenkins SiteMonitor Plugin 0.6 and earlier does not escape URLs of sites to monitor in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Пакеты
Наименование
org.jvnet.hudson.plugins:sitemonitor
maven
Затронутые версииВерсия исправления
<= 0.6
Отсутствует
Связанные уязвимости
CVSS3: 5.4
nvd
почти 4 года назад
Jenkins SiteMonitor Plugin 0.6 and earlier does not escape URLs of sites to monitor in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.