CVE-2021-21667
published 2021-06-16CVE-2021-21667: Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting (XSS)…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | scriptler | <= 3.2 | — |
| jenkins | scriptler_plugin | — | — |
| jenkins_project | jenkins_scriptler_plugin | unspecified – 3.2 | — |