7 matches found
Jenkins REST List Parameter Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both open source Jenkins products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins Plugin is application software. A cross-site scripting...
CVE-2022-34196
Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34196
CVE-2022-34196 affects Jenkins with the REST List Parameter Plugin prior to 1.6.0. The plugin does not escape the name and description of REST list parameters on parameter-displaying views, causing a stored XSS vulnerability exploitable by attackers who have Item/Configure permission. Connected a...
CVE-2022-34196
Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
Stored XSS vulnerability in Jenkins REST List Parameter Plugin
Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. Jenkins REST List Parameter Plugin 1.3.1 no longer...
CVE-2021-21635
Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission...
CVE-2021-21635
CVE-2021-21635 affects Jenkins REST List Parameter Plugin up to version 1.3.0. The issue is a stored XSS vulnerability caused by not escaping a parameter name reference in embedded JavaScript, exploitable by an attacker with Job/Configure permission. The linked OSV/GHSA entries confirm the vulner...