VDB
CESS-2022-30970
CESS-2022-30970
PUBLISHED
CVSS 5.4 MEDIUM
Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from Javascript embedded in view definitions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Risk Scores
CVSS 3.1
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Timeline
- May 17, 2022 CVE Published