2 matches found
CVE-2020-2257
Jenkins Validating String Parameter Plugin 2.4 and earlier does not escape various user-controlled fields, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
CVE-2020-2257
Jenkins Validating String Parameter Plugin (versions ≤ 2.4) contains a stored XSS vulnerability due to insufficient escaping of user-controlled fields (including regular expressions in tooltips, names, and descriptions). Exploitation requires Job/Configure permission. A fix is available in versio...