Jenkins VncViewer Plugin 1.7 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.
CPE | Name | Operator | Version |
---|---|---|---|
vncviewer-plugin | eq | ncviewer-1.6 | |
vncviewer-plugin | eq | ncviewer-1.7 |