6 matches found
EUVD-2022-3953
Malicious code in bioql PyPI...
Stored XSS vulnerability in Jenkins Git Plugin
Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted commit notifications to th...
Cross-site Scripting (XSS)
Jenkins Git Plugin is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization of the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause...
Jenkins Git Plugin < 4.8.3 XSS
According to its self-reported version number, the version of the Jenkins Git Plugin running on the remote web server is prior to 4.8.3. It is, therefore, affected by a cross-site scripting vulnerability due to it not escaping the Git SHA-1 checksum parameters provided to commit notifications...
CVE-2021-21684
A stored cross-site scripting (XSS) vulnerability was found in the Jenkins Git plugin. Due to not escaping the Git SHA-1 checksum parameters provided to commit notifications, an attacker is able to submit crafted commit notifications to the /git/notifyCommit endpoint...
CVE-2021-21684
Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability...