CVE-2022-36902
maven/com.moded.extendedchoiceparameter/dynamicextendedchoice_parameter
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
All versions up to 1.0.1
Unfortunately, there is no solution available yet.
2022-08-04
source |