Advisories for Maven/Org.jenkins-Ci.plugins/Nested-View package

2022

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability.

Improper Restriction of XML External Entity Reference

Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks.