2 matches found
jenkins-2-plugins/matrix-project: Stored XSS vulnerability in multiple axis builds tooltips
A flaw was found in the Matrix Project Plugin version 1.16 and prior. Node names shown in tooltips are not escaped on the overview page of builds with multiple axes which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure permission for this...
PT-2020-15441 · Jenkins · Jenkins Matrix Project Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Matrix Project Plugin versions 1.16 and earlier Description: The issue is related to a stored cross-site scripting vulnerability. It occurs because the axis names shown in tooltips on the overview page of builds with multiple axes are...