Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure shortcut jobs.
Shortcut Job Plugin 0.5 escapes the shortcut redirection URL.
{ "nvd_published_at": "2023-08-16T15:15:12Z", "cwe_ids": [ "CWE-79" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-08-16T21:05:51Z" }