CVE-2023-35143

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/jenkins/repository

Identifiers

GHSA-9pvw-8q92-hm9w, CVE-2023-35143

Package Slug

maven/jenkins/repository

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control maven project versions in pom.xml.

Affected Versions

All versions up to 1.10

Solution

Unfortunately, there is no solution available yet.

Last Modified

2024-01-31

source