4 matches found
SUSE CVE-2017-1000392
Jenkins 2.88 and earlier; 2.73.2 and earlier: Autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters like less-than and greater-than...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1922 more potentially affected by CVE-2017-1000392 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.7)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =55.v51410e712e0c, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.23 and more Source cves: CVE-2017-1000392 Source advisory: OSV:GHSA-5PPX-RGW2-XG23...
CVE-2017-1000392
CVE-2017-1000392 affects Jenkins 2.88 and earlier; 2.73.2 and earlier. The vulnerability arises from autocompletion suggestions for text fields not escaping HTML metacharacters, which can lead to a persisted cross-site scripting (XSS) vulnerability if the suggestion source allows HTML. The provid...
Jenkins Multiple Vulnerabilities (Nov 2017) - Linux
Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:jenkins:jenkins"; if(description)...