CVE-2017-1000404: Cross-site Scripting
(updated )
The Jenkins Delivery Pipeline Plugin uses the unescaped content of the query parameter “fullscreen” in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs.
References
Detect and mitigate CVE-2017-1000404 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →