CVE-2017-1000103

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/org.jvnet.hudson.plugins/dry

Identifiers

GHSA-63cj-3r94-234v, CVE-2017-1000103

Package Slug

maven/org.jvnet.hudson.plugins/dry

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

The custom Details view of the Static Analysis Utilities based DRY Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view.

Affected Versions

All versions up to 2.48

Solution

Upgrade to version 2.49 or above.

Last Modified

2024-01-31

source