Описание
Stored XSS vulnerability in Jenkins ECharts API Plugin
ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart.
This results in a stored cross-site scripting (XSS) vulnerability that can be exploited by users with Run/Update permission.
ECharts API Plugin 4.7.0-4 escapes the display name.
Пакеты
Наименование
io.jenkins.plugins:echarts-api
maven
Затронутые версииВерсия исправления
< 4.7.0-4
4.7.0-4
Связанные уязвимости
CVSS3: 5.4
nvd
больше 5 лет назад
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability.