Advisories for Maven/Io.jenkins.plugins/Agent-Server-Parameter package

2022

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape parameter names of agent server parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.