Jenkins Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control or modify Contrast service API responses.
CPE | Name | Operator | Version |
---|---|---|---|
contrast_continuous_application_security | lt | 3.10 |