5 matches found

Github Security Blog
added 2022/05/24 5:28 p.m. · 24 views

Stored XSS vulnerability in Validating String Parameter Plugin

Validating String Parameter Plugin 2.4 and earlier does not escape regular expressions in tooltips. Additionally, Validating String Parameter Plugin 2.4 does not escape parameter names and parameter descriptions. This results in a stored cross-site scripting (XSS) vulnerability exploitable by...

CVSS 5.4 · AI score 5 · EPSS 0.00233
Exploits 0 · References 5 · Affected Software 1
OSV
added 2022/05/24 5:28 p.m. · 23 views

GHSA-FVWH-WV43-8QJ5 Stored XSS vulnerability in Validating String Parameter Plugin

Validating String Parameter Plugin 2.4 and earlier does not escape regular expressions in tooltips. Additionally, Validating String Parameter Plugin 2.4 does not escape parameter names and parameter descriptions. This results in a stored cross-site scripting (XSS) vulnerability exploitable by...

CVSS 8 · AI score 5.2 · EPSS 0.00233
Exploits 0 · References 5
CNVD
added 2020/09/17 12:0 a.m. · 3 views

CloudBees Jenkins Validating String Parameter Cross-Site Scripting Vulnerability

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. A cross-site scripting...

CVSS 5.4 · AI score 6.5 · EPSS 0.00233
Exploits 0 · References 1
CVE
added 2020/09/16 1:20 p.m. · 64 views

CVE-2020-2257

Jenkins Validating String Parameter Plugin (versions ≤ 2.4) contains a stored XSS vulnerability due to insufficient escaping of user-controlled fields (including regular expressions in tooltips, names, and descriptions). Exploitation requires Job/Configure permission. A fix is available in versio...

CVSS 5.4 · AI score 5.2 · EPSS 0.00233
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2020/09/16 12:0 a.m. · 5 views

PT-2020-15482 · Jenkins · Jenkins Validating String Parameter Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Validating String Parameter Plugin versions 2.4 and earlier
Description: The issue results in a stored cross-site scripting (XSS) vulnerability, which can be exploited by attackers with Job/Configure permission. This occurs because the...

CVSS 5.4 · AI score 5.2 · EPSS 0.00233
Exploits 0 · References 7