Описание
Reflected XSS in Jenkins Compatibility Action Storage Plugin
Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.
Пакеты
Наименование
org.jenkins-ci.plugins:compatibility-action-storage
maven
Затронутые версииВерсия исправления
<= 1.0
Отсутствует
Связанные уязвимости
CVSS3: 6.1
nvd
больше 5 лет назад
Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.