CVE-2022-36902

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/com.moded.extendedchoiceparameter/dynamic_extended_choice_parameter

Identifiers

CVE-2022-36902

Package Slug

maven/com.moded.extendedchoiceparameter/dynamicextendedchoice_parameter

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Affected Versions

All versions up to 1.0.1

Solution

Unfortunately, there is no solution available yet.

Last Modified

2022-08-04

source