5 matches found
GHSA-MHP7-3393-PFQR Cross-site Scripting vulnerability in Jenkins
Since Jenkins 2.340, symbol-based icons unescape previously escaped values of tooltip parameters. This vulnerability is known to be exploitable by attackers with Job/Configure permission. Jenkins 2.356, LTS 2.332.4 and LTS 2.346.1 addresses this vulnerability. Symbol-based icons no longer unescap...
CVE-2022-34172
In Jenkins 2.340 through 2.355 both inclusive symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting XSS vulnerability...
jenkins: user-specified tooltip values leads to stored cross-site scripting
A flaw was found in Jenkins in versions prior to 2.251 and LTS 2.235.3. Tooltip values, which are not properly escaped, can be contributed by plugins and use user-specified values. This results in a potential stored cross-site scripting XSS vulnerability. This highest threat from this vulnerabili...
jenkins: user-specified tooltip values leads to stored cross-site scripting
A flaw was found in Jenkins in versions prior to 2.251 and LTS 2.235.3. Tooltip values, which are not properly escaped, can be contributed by plugins and use user-specified values. This results in a potential stored cross-site scripting XSS vulnerability. This highest threat from this vulnerabili...
jenkins: user-specified tooltip values leads to stored cross-site scripting
A flaw was found in Jenkins in versions prior to 2.251 and LTS 2.235.3. Tooltip values, which are not properly escaped, can be contributed by plugins and use user-specified values. This results in a potential stored cross-site scripting XSS vulnerability. This highest threat from this vulnerabili...