Lucene search
K
JenkinsScriptler

5 matches found

CVE
CVE
added 2021/06/16 1:40 p.m.96 views

CVE-2021-21668

Affected software: Jenkins Scriptler Plugin (versions ≤ 3.1). Vulnerability: Stored XSS due to failure to escape script content; exploitable by attackers with Scriptler/Configure permission. Impact: Cross-site scripting: script content can be crafted to execute in the context of the vulnerable Je...

5.4CVSS5.3AI score0.76016EPSS
CVE
CVE
added 2021/06/16 1:40 p.m.95 views

CVE-2021-21667

CVE-2021-21667 affects Jenkins Scriptler Plugin up to version 3.2. The issue is a stored XSS due to parameter names not being escaped in job configuration forms, exploitable by attackers with Scriptler/Configure permission. Impact is limited to stored XSS within affected Jenkins instances; no pub...

5.4CVSS5.2AI score0.75742EPSS
CVE
CVE
added 2023/12/13 5:30 p.m.81 views

CVE-2023-50765

CVE-2023-50765 affects Jenkins Scriptler Plugin versions 342.v6a_89fd40f466 and earlier. The vulnerability is a missing permission check that allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID. Impact is information disclosure of Groovy scripts...

4.3CVSS4.2AI score0.00454EPSS
CVE
CVE
added 2021/11/12 10:35 a.m.80 views

CVE-2021-21700

CVE-2021-21700 affects the Jenkins Scriptler Plugin. Documents confirm a stored XSS in Scriptler Plugin versions 3.3 and earlier caused by failing to escape the name of scripts on the UI during deletion confirmation. The vulnerability can be exploited by attackers who can create Scriptler scripts...

5.4CVSS5.2AI score0.00684EPSS
CVE
CVE
added 2023/12/13 5:30 p.m.69 views

CVE-2023-50764

CVE-2023-50764 concerns the Jenkins Scriptler Plugin (versions 342.v6a_89fd40f466 and earlier). The vulnerability stems from an unrestricted file-name query parameter in an HTTP endpoint, which, if an attacker has Scriptler/Configure permission, can lead to deletion of arbitrary files on the Jenk...

8.1CVSS7.8AI score0.00842EPSS