Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting…
jenkins·CWE-79·Published 2021-02-24
Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. Jenkins Active Choices Plugin 2.5.3 escapes reference parameter values.
Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. Jenkins Active Choices Plugin 2.5.3 escapes reference parameter values.
Jenkins Active Choices Plugin versiones 2.5.2 y anteriores, no escapan a unos valores de parámetros reference, resultando en una vulnerabilidad de tipo cross-site scripting (XSS) almacenado explotable por atacantes con permiso Job/Configure
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 3.5 | 6.8 | 2.9 | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| 3.1 | Primary | NVD | 4.6 | 2.1 | 2.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N |
| 3.1 | Secondary | GHSA | 4.6 | — | — | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N |