Jenkins Active Choices Plugin Cross-Site Scripting (CVE-2021-21699)

A stored cross-site scripting vulnerability exists in Jenkins Active Choices Plugin. This vulnerability is due to insufficient validation of parameter name of reactive parameters and dynamic reference parameters...

CVE-2021-21699

Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...