5 matches found
CVE-2019-10374
A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI...
GHSA-922H-X9QV-2274 Jenkins PegDown Formatter Plugin has Cross-site Scripting vulnerability
PegDown Formatter Plugin uses the PegDown library to implement support for rendering Markdown formatted descriptions in Jenkins. It advertises disabling of HTML to prevent cross-site scripting XSS as a feature. PegDown Formatter Plugin does not prevent the use of javascript: scheme in URLs for...
Jenkins PegDown Formatter Plugin has Cross-site Scripting vulnerability
PegDown Formatter Plugin uses the PegDown library to implement support for rendering Markdown formatted descriptions in Jenkins. It advertises disabling of HTML to prevent cross-site scripting XSS as a feature. PegDown Formatter Plugin does not prevent the use of javascript: scheme in URLs for...
CVE-2019-10374
A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI...
CVE-2019-10374
The CVE-2019-10374 issue affects Jenkins PegDown Formatter Plugin (versions 1.3 and earlier). A stored cross-site scripting vulnerability arises because users able to edit descriptions or other fields rendered by the configured markup formatter can inject links using the javascript: scheme into t...