Jenkins Project Jenkins Active Choices Plugin vulnerabilities

CVE-2021-21699 [MEDIUM] CWE-79 CVE-2021-21699: Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive param Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

CVE-2021-21616 [MEDIUM] CWE-79 CVE-2021-21616: Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resultin Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

CVE-2020-2289 [MEDIUM] CWE-79 CVE-2020-2289: Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build para Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

CVE-2020-2290 [MEDIUM] CWE-79 CVE-2020-2290: Jenkins Active Choices Plugin 2.4 and earlier does not escape some return values of sandboxed script Jenkins Active Choices Plugin 2.4 and earlier does not escape some return values of sandboxed scripts for Reactive Reference Parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.