Description
Stored XSS vulnerability in Jenkins Scriptler Plugin
Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.
Jenkins Scriptler Plugin 3.3 escapes parameter names shown in job configuration forms.
Packages
Name: org.jenkins-ci.plugins:scriptler (maven)
Affected versions: < 3.3
Fixed version: 3.3
Related vulnerabilities
CVSS3: 5.4
nvd
more than 4 years ago
Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.