CVE-2019-10374

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/org.jenkins-ci.plugins/pegdown-formatte

Identifiers

GHSA-922h-x9qv-2274, CVE-2019-10374

Package Slug

maven/org.jenkins-ci.plugins/pegdown-formatte

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI.

Affected Versions

All versions up to 1.3

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-03-06

source