4 matches found
Jenkins Active Choices Plugin Cross-Site Scripting (CVE-2021-21699)
A stored cross-site scripting vulnerability exists in Jenkins Active Choices Plugin. This vulnerability is due to insufficient validation of parameter name of reactive parameters and dynamic reference parameters...
CVE-2021-21699
Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
CVE-2021-21699
Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
CVE-2021-21699
Summary: CVE-2021-21699 affects Jenkins with the Active Choices Plugin. Versions 2.5.6 and earlier do not escape the parameter name of reactive and dynamic reference parameters, causing a stored XSS vulnerability. Exploitation is possible by attackers with Job/Configure permission. Impact (as sta...