CVE-2019-6804 – Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2019-6804

An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp. Se ha descubierto un problema de Cross-Site Scripting (XSS) en la página "Job Edit" en Rundeck Community Edition, en versiones anteriores a la 3.0.13, relacionado con assets/javascripts/workflowStepEditorKO.js y views/execution/_wfitemEdit.gsp. Rundeck Community Edition versions prior to 3.0.13 suffer from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/46251 https://docs.rundeck.com/docs/history/version-3.0.13.html https://github.com/rundeck/rundeck/issues/4406 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •