CVE-2021-21700
Published 2021-11-12
Priority: P424 · medium · 5.4 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.68% (47.9th percentile)
Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Scriptler scripts.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | active_choices_plugin | — | — |
| jenkins | owasp_dependency-check_plugin | — | — |
| jenkins | performance_plugin | — | — |
| jenkins | scriptler | <= 3.3 | — |
| jenkins | scriptler_plugin | — | — |
| jenkins_project | jenkins_scriptler_plugin | unspecified – 3.3 | — |
| linux | linux_kernel | >= 0 < 5.4.0-214.234 | 5.4.0-214.234 |
CVSS provenance
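| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | 2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| osv | — | 5.5 | MEDIUM | — |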
Jenkins
Jenkins Security Advisory 2021-11-12
vendor_jenkins·2021-11-12·CVSS 5.4
CVE-2021-21699 [MEDIUM] Jenkins Security Advisory 2021-11-12
This advisory announces vulnerabilities in the following Jenkins deliverables:
- Active Choices Plugin
- OWASP Dependency-Check Plugin
- Performance Plugin
- pom2config Plugin
- Scriptler Plugin
- Squash TM Publisher (Squash4Jenkins) Plugin
Descriptions
Stor
OSV
linux-xilinx-zynqmp vulnerabilities
osv·2025-05-02·CVSS 5.5
CVE-2025-21703 linux-xilinx-zynqmp vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Network drivers;
- File systems infrastructure;
- Ext4 file system;
- Network file system (NFS) server daemon;
- Bluetooth subsystem;
- IPv6 networking;
- Network traffic control;
(CVE-2025-21703, CVE-2024-53237, CVE-2024-50256, CVE-2024-56651,
CVE-2024-46826, CVE-2025-21700, CVE-2021-47119, CVE-2024-26915,
CVE-2025-21702, CVE-2024-49974, CVE-2024-35958)
OSV
linux-azure-fips, linux-fips, linux-gcp-fips vulnerabilities
osv·2025-04-24·CVSS 5.5
CVE-2021-47119 linux-azure-fips, linux-fips, linux-gcp-fips vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Network drivers;
- File systems infrastructure;
- Ext4 file system;
- Network file system (NFS) server daemon;
- Bluetooth subsystem;
- IPv6 networking;
- Network traffic control;
(CVE-2021-47119, CVE-2024-35958, CVE-2025-21700, CVE-2024-53237,
CVE-2024-46826, CVE-2025-21703, CVE-2024-49974, CVE-2025-21702,
CVE-2024-56651, CVE-2024-26915, CVE-2024-50256)
OSV
linux-aws, linux-aws-5.4, linux-gcp-5.4, linux-iot vulnerabilities
osv·2025-04-24·CVSS 5.5
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Network drivers;
- File systems infrastructure;
- Ext4 file system;
- Network file system (NFS) server daemon;
- SMB network file system;
- Network namespace;
- Bluetooth subsystem;
- Networking core;
- IPv6 networking;
- Network traffic control;
(CVE-2024-56658, CVE-2025-21700, CVE-2025-21703, CVE-2024-35864,
CVE-2024-26915, CVE-2021-47119, CVE-2025-21702, CVE-2024-50256,
CVE-2024-35958, CVE-2024-26928, CVE-2024-49974, CVE-2024-46826,
CVE-2024-53237, CVE-2024-56651)
OSV
linux-aws-fips vulnerabilities
osv·2025-04-24·CVSS 5.5
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Network drivers;
- File systems infrastructure;
- Ext4 file system;
- Network file system (NFS) server daemon;
- SMB network file system;
- Network namespace;
- Bluetooth subsystem;
- Networking core;
- IPv6 networking;
- Network traffic control;
(CVE-2024-56651, CVE-2021-47119, CVE-2025-21700, CVE-2025-21702,
CVE-2024-49974, CVE-2024-56658, CVE-2024-53237, CVE-2025-21703,
CVE-2024-26928, CVE-2024-26915, CVE-2024-35958, CVE-2024-50256,
CVE-2024-35864, CVE-2024-46826)
OSV
linux, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-hwe-5.4, linux-ibm, linux-kvm, linux-oracle, linux-oracle-5.4 vulnerabilities
osv·2025-04-24·CVSS 5.5
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Network drivers;
- File systems infrastructure;
- Ext4 file system;
- Network file system (NFS) server daemon;
- Bluetooth subsystem;
- IPv6 networking;
- Network traffic control;
(CVE-2024-53237, CVE-2024-50256, CVE-2021-47119, CVE-2024-35958,
CVE-2025-21700, CVE-2025-21703, CVE-2024-56651, CVE-2024-49974,
CVE-2025-21702, CVE-2024-26915, CVE-2024-46826)
OSV
Stored XSS vulnerability in Jenkins Scriptler Plugin
osv·2022-05-24
CVE-2021-21700 [MEDIUM] Stored XSS vulnerability in Jenkins Scriptler Plugin
Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Scriptler scripts.
Jenkins Scriptler Plugin 3.4 escapes the name of scripts on the UI when asking to confirm their deletion.
GHSA
Stored XSS vulnerability in Jenkins Scriptler Plugin
ghsa·2022-05-24
CVE-2021-21700 [MEDIUM] CWE-79 Stored XSS vulnerability in Jenkins Scriptler Plugin
Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Scriptler scripts.
Jenkins Scriptler Plugin 3.4 escapes the name of scripts on the UI when asking to confirm their deletion.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-11-12