2 matches found
GHSA-WX66-PM7R-2Q82 Stored XSS vulnerability in Jenkins Extra Columns Plugin
Jenkins Extra Columns Plugin 1.22 and earlier does not escape parameter values in the build parameters column. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission. Additionally, a view containing such a job needs to be configured...
PT-2022-15853 · Jenkins · Jenkins Publish Over Ssh Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Publish Over SSH Plugin versions 1.22 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. This occurs because the SSH server name is not properly escaped, allowing attackers with...