CVE-2021-21699
- EPSS 31.26%
- Published 12.11.2021 11:15:08
- Last modified 21.11.2024 05:48:51
Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure per...
CVE-2021-21616
- EPSS 2.28%
- Published 24.02.2021 16:15:14
- Last modified 21.11.2024 05:48:42
Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVE-2020-2289
- EPSS 0.21%
- Published 08.10.2020 13:15:11
- Last modified 21.11.2024 05:25:12
Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVE-2020-2290
- EPSS 0.24%
- Published 08.10.2020 13:15:11
- Last modified 21.11.2024 05:25:13
Jenkins Active Choices Plugin 2.4 and earlier does not escape some return values of sandboxed scripts for Reactive Reference Parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permis...
CVE-2017-1000386
- EPSS 0.04%
- Published 26.01.2018 02:29:00
- Last modified 21.11.2024 03:04:36
Jenkins Active Choices plugin version 1.5.3 and earlier allowed users with Job/Configure permission to provide arbitrary HTML to be shown on the 'Build With Parameters' page through the 'Active Choices Reactive Reference Parameter' type. This could i...