Stored XSS vulnerability in ClearCase Release Plugin

Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the composite baseline in badge tooltip, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...

Jenkins ClearCase Release Plugin XSS Injection Vulnerability

Jenkins is an open source software project , is based on Java development of a continuous integration tool for monitoring continuous repetitive work , aims to provide an open and easy to use software platform . Jenkins ClearCase Release Plugin product has an XSS injection vulnerability , the...

Cross site scripting

Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the composite baseline in badge tooltip, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...

PT-2020-15495 · Jenkins · Jenkins Clearcase Release Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins ClearCase Release Plugin version 0.3 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because the composite baseline in the badge tooltip is not properly escaped, allowing...