GHSA-3MWJ-7VMQ-W43P Stored XSS vulnerability in Jenkins Yet Another Build Visualizer Plugin

Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content. This results in a stored cross-site scripting XSS vulnerability exploitable by users with Run/Update permission. Yet Another Build Visualizer Plugin 1.12 escapes tooltip content...

Stored XSS vulnerability in Jenkins Yet Another Build Visualizer Plugin

Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content. This results in a stored cross-site scripting XSS vulnerability exploitable by users with Run/Update permission. Yet Another Build Visualizer Plugin 1.12 escapes tooltip content...

CVE-2020-2236

Jenkins Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content, resulting in a stored cross-site scripting XSS vulnerability exploitable by users with Run/Update permission...

CVE-2020-2236

The CVE-2020-2236 entry concerns Jenkins’ Yet Another Build Visualizer Plugin. Versions 1.11 and earlier are vulnerable to stored XSS because tooltip content is not escaped, exploitable by users with Run/Update permission. The issue is addressed by updating to version 1.12 or later, which escapes...