Stored XSS vulnerability in Validating String Parameter Plugin

Validating String Parameter Plugin 2.4 and earlier does not escape regular expressions in tooltips. Additionally, Validating String Parameter Plugin 2.4 does not escape parameter names and parameter descriptions. This results in a stored cross-site scripting XSS vulnerability exploitable by...

GHSA-FVWH-WV43-8QJ5 Stored XSS vulnerability in Validating String Parameter Plugin

Validating String Parameter Plugin 2.4 and earlier does not escape regular expressions in tooltips. Additionally, Validating String Parameter Plugin 2.4 does not escape parameter names and parameter descriptions. This results in a stored cross-site scripting XSS vulnerability exploitable by...

CVE-2020-2257

Jenkins Validating String Parameter Plugin (versions ≤ 2.4) contains a stored XSS vulnerability due to insufficient escaping of user-controlled fields (including regular expressions in tooltips, names, and descriptions). Exploitation requires Job/Configure permission. A fix is available in versio...