CVE-2022-29040
https://notcve.org/view.php?id=CVE-2022-29040
Jenkins Git Parameter Plugin 0.9.15 and earlier does not escape the name and description of Git parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Jenkins Git Parameter Plugin versiones 0.9.15 y anteriores, no escapa del nombre y la descripción de los parámetros Git en las visualizaciones que muestran parámetros, resultando en una vulnerabilidad de tipo cross-site scripting (XSS) almacenado que puede ser explotada por atacantes con permiso de Item/Configure • https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-27212
https://notcve.org/view.php?id=CVE-2022-27212
Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches (and more)' parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. El Plugin List Git Branches Parameter de Jenkins 0.0.9 y anteriores, no escapa del nombre del parámetro "List Git branches (and more)", resultando en una vulnerabilidad de tipo cross-site scripting (XSS) almacenada explotable por atacantes con permiso Item/Configure • http://www.openwall.com/lists/oss-security/2022/03/15/2 https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2167 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-2238
https://notcve.org/view.php?id=CVE-2020-2238
Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. Jenkins Git Parameter Plugin versiones 0.9.12 y anteriores, no escapan el campo repository en la página "Build with Parameters", resultando en una vulnerabilidad de tipo cross-site scripting (XSS) almacenado que los atacantes pueden explotar con permiso de Job/Configure • http://www.openwall.com/lists/oss-security/2020/09/01/3 https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1884 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-2113
https://notcve.org/view.php?id=CVE-2020-2113
Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission. Jenkins Git Parameter Plugin versiones 0.9.11 y anteriores, no escapa al valor predeterminado que se muestra en la Interfaz de Usuario, resultando en una vulnerabilidad de tipo cross-site scripting almacenado que los usuarios con permiso Job/Configure pueden explotar. • http://www.openwall.com/lists/oss-security/2020/02/12/3 https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1709 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-2112
https://notcve.org/view.php?id=CVE-2020-2112
Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission. Jenkins Git Parameter Plugin versiones 0.9.11 y anteriores, no escapa al parámetro name que se muestra en la Interfaz de Usuario, resultando en una vulnerabilidad de tipo cross-site scripting almacenado que los usuarios con permiso Job/Configure pueden explotar. • http://www.openwall.com/lists/oss-security/2020/02/12/3 https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1709 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •