4 matches found
Jenkins Scriptler Plugin Cross-Site Scripting (CVE-2021-21667)
A stored cross-site scripting vulnerability exists in Jenkins Scriptler Plugin. This vulnerability is due to insufficient escaping of parameter names shown in job configuration forms...
com.seitenbau.jenkins.plugins:dynamicparameter (=0.2.0), org.biouno:uno-choice (>=1.0 <=1.5.3-alpha) potentially affected by CVE-2021-21667 via org.jenkins-ci.plugins:scriptler (>=2.2 <=2.9)
org.jenkins-ci.plugins:scriptler MAVEN version =2.2, =1.0, =1.5.3-alpha Source cves: CVE-2021-21667 Source advisory: OSV:GHSA-P479-RWHP-RWJX...
CVE-2021-21667
Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Scriptler/Configure permission...
CVE-2021-21667
CVE-2021-21667 affects Jenkins Scriptler Plugin up to version 3.2. The issue is a stored XSS due to parameter names not being escaped in job configuration forms, exploitable by attackers with Scriptler/Configure permission. Impact is limited to stored XSS within affected Jenkins instances; no pub...