CVE-2021-21700

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/org.jenkins-ci.plugins/scriptler

Identifiers

CVE-2021-21700

Package Slug

maven/org.jenkins-ci.plugins/scriptler

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Jenkins Scriptler Plugin does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Scriptler scripts.

Affected Versions

All versions up to 3.3

Solution

Upgrade to version 3.4 or above.

Last Modified

2021-11-18
