CVE-2021-21700

CWE-79 — Cross-site Scripting (XSS)10 documents5 sources

Severity

5.4MEDIUM

EPSS

0.2%

top 57.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Scriptler Plugin Jenkins Scriptler

Timeline

PublishedNov 12

Latest updateMay 2

Description

Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by exploitable by attackers able to create Scriptler scripts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶Mavenorg.jenkins-ci.plugins:scriptler< 3.4

▶CVEListV5jenkins_project/jenkins_scriptler_pluginunspecified — 3.3

▶NVDjenkins/scriptler3.3

🔴Vulnerability Details

OSV

linux-xilinx-zynqmp vulnerabilities↗2025-05-02

▶

OSV

linux-azure-fips, linux-fips, linux-gcp-fips vulnerabilities↗2025-04-24

▶

OSV

linux-aws, linux-aws-5.4, linux-gcp-5.4, linux-iot vulnerabilities↗2025-04-24

▶

OSV

linux-aws-fips vulnerabilities↗2025-04-24

▶

OSV

linux, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-hwe-5.4, linux-ibm, linux-kvm, linux-oracle, linux-oracle-5.4 vulnerabilities↗2025-04-24

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2021-11-12↗2021-11-12

▶