GHSA-5HH2-F4H9-446G Cross-site Scripting in Jenkins Date Parameter Plugin

Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the name and description of Date parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Exploitation of this vulnerability...

Cross-site Scripting in Jenkins Hidden Parameter Plugin

Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Exploitation of this...

PT-2022-22066 · Jenkins · Jenkins Sauce Ondemand Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Sauce OnDemand Plugin versions 1.204 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability, which can be exploited by attackers with Item/Configure permission. This occurs because the plugin doe...

GHSA-5PMP-7WC9-V7VW Cross-site Scripting in Jenkins JDK Parameter Plugin

Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters. This results in stored cross-site scripting XSS vulnerabilities exploitable by attackers with Item/Configure permission. Exploitation of this vulnerability...