Описание
Cross-site Scripting in Jenkins eXtreme Feedback Panel Plugin
Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escape the job names used in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Пакеты
Наименование
org.jenkins-ci.plugins:xfpanel
maven
Затронутые версииВерсия исправления
<= 2.0.1
Отсутствует
Связанные уязвимости
CVSS3: 5.4
nvd
больше 3 лет назад
Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escape the job names used in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.