6 matches found
CVE-2021-21630
Jenkins Extra Columns Plugin 1.22 and earlier does not escape parameter values in the build parameters column, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
GHSA-WX66-PM7R-2Q82 Stored XSS vulnerability in Jenkins Extra Columns Plugin
Jenkins Extra Columns Plugin 1.22 and earlier does not escape parameter values in the build parameters column. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission. Additionally, a view containing such a job needs to be configured...
GHSA-MR4J-7JJV-24M7 Jenkins Extra Columns Plugin allows Cross-Site Scripting (XSS)
Cross-site scripting XSS vulnerability in the Extra Columns plugin before 1.17 in Jenkins allows remote attackers to inject arbitrary web script or HTML by leveraging failure to filter tool tips through the configured markup formatter...
CVE-2021-21630
Jenkins Extra Columns Plugin 1.22 and earlier does not escape parameter values in the build parameters column, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
Jenkins Extra Columns 跨站脚本漏洞
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A cross-site scripting...
PT-2021-14673 · Jenkins · Jenkins Extra Columns Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Extra Columns Plugin versions 1.22 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability due to the plugin not escaping parameter values in the build parameters column. This vulnerability is...