Описание
Stored XSS vulnerability in Jenkins ECharts API Plugin
ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts.
This results in a stored cross-site scripting (XSS) vulnerability that can be exploited by users with Job/Configure permission.
ECharts API Plugin 4.7.0-4 escapes the parser identifier.
Пакеты
Наименование
io.jenkins.plugins:echarts-api
maven
Затронутые версииВерсия исправления
< 4.7.0-4
4.7.0-4
Связанные уязвимости
CVSS3: 5.4
nvd
больше 5 лет назад
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability.