5 matches found
CVE-2021-21668
Affected software: Jenkins Scriptler Plugin (versions ≤ 3.1). Vulnerability: Stored XSS due to failure to escape script content; exploitable by attackers with Scriptler/Configure permission. Impact: Cross-site scripting: script content can be crafted to execute in the context of the vulnerable Je...
CVE-2021-21667
CVE-2021-21667 affects Jenkins Scriptler Plugin up to version 3.2. The issue is a stored XSS due to parameter names not being escaped in job configuration forms, exploitable by attackers with Scriptler/Configure permission. Impact is limited to stored XSS within affected Jenkins instances; no pub...
CVE-2023-50765
CVE-2023-50765 affects Jenkins Scriptler Plugin versions 342.v6a_89fd40f466 and earlier. The vulnerability is a missing permission check that allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID. Impact is information disclosure of Groovy scripts...
CVE-2021-21700
CVE-2021-21700 affects the Jenkins Scriptler Plugin. Documents confirm a stored XSS in Scriptler Plugin versions 3.3 and earlier caused by failing to escape the name of scripts on the UI during deletion confirmation. The vulnerability can be exploited by attackers who can create Scriptler scripts...
CVE-2023-50764
CVE-2023-50764 concerns the Jenkins Scriptler Plugin (versions 342.v6a_89fd40f466 and earlier). The vulnerability stems from an unrestricted file-name query parameter in an HTTP endpoint, which, if an attacker has Scriptler/Configure permission, can lead to deletion of arbitrary files on the Jenk...