Maven/Org.jenkins-Ci.plugins/Pegdown-Formatter

Jenkins PegDown Formatter Plugin has Cross-site Scripting vulnerability

PegDown Formatter Plugin uses the PegDown library to implement support for rendering Markdown formatted descriptions in Jenkins. It advertises disabling of HTML to prevent cross-site scripting (XSS) as a feature. PegDown Formatter Plugin does not prevent the use of javascript: scheme in URLs for links. This results in an XSS vulnerability exploitable by users able to configure entities with descriptions or similar properties that are rendered by the configured markup …

Advisories for Maven/Org.jenkins-Ci.plugins/Pegdown-Formatter package