Stored XSS vulnerability in Jenkins Yet Another Build Visualizer Plugin

Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content. This results in a stored cross-site scripting XSS vulnerability exploitable by users with Run/Update permission. Yet Another Build Visualizer Plugin 1.12 escapes tooltip content...

GHSA-3MWJ-7VMQ-W43P Stored XSS vulnerability in Jenkins Yet Another Build Visualizer Plugin

Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content. This results in a stored cross-site scripting XSS vulnerability exploitable by users with Run/Update permission. Yet Another Build Visualizer Plugin 1.12 escapes tooltip content...

CVE-2020-2236

Jenkins Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content, resulting in a stored cross-site scripting XSS vulnerability exploitable by users with Run/Update permission...

CVE-2020-2236

The CVE-2020-2236 entry concerns Jenkins’ Yet Another Build Visualizer Plugin. Versions 1.11 and earlier are vulnerable to stored XSS because tooltip content is not escaped, exploitable by users with Run/Update permission. The issue is addressed by updating to version 1.12 or later, which escapes...