CVE-2019-10349

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/org.jenkins-ci.plugins/depgraph-view

Identifiers

GHSA-4wj7-rh5h-5qmr, CVE-2019-10349

Package Slug

maven/org.jenkins-ci.plugins/depgraph-view

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.

Affected Versions

All versions before 0.14

Solution

Upgrade to version 0.14 or above.

Last Modified

2023-02-02

source