CVE-2017-1000404

The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter 'fullscreen' in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs...

CVE-2017-1000404

The CVE-2017-1000404 issue affects the Jenkins Delivery Pipeline Plugin (versions ≤ 1.0.7). It arises from the unescaped fullscreen query parameter being echoed into JavaScript, enabling cross-site scripting via specially crafted URLs. The advisory notes that version 1.0.8 converts the value to a...