Stored XSS vulnerability in Jenkins Scriptler Plugin
Moderate severity
GitHub Reviewed
Published
Jan 6, 2022
to the GitHub Advisory Database
•
Updated Oct 27, 2023
Description
Published by the National Vulnerability Database
Jun 16, 2021
Reviewed
Jun 17, 2021
Published to the GitHub Advisory Database
Jan 6, 2022
Last updated
Oct 27, 2023
Credits
-
NotMyFault Analyst
Jenkins Scriptler Plugin 3.1 and earlier does not escape script content.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.
Jenkins Scriptler Plugin 3.2 escapes script content.
References