GHSA-jvvx-hmmr-rhgg

Suggest an improvement
Source
https://github.com/advisories/GHSA-jvvx-hmmr-rhgg
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-jvvx-hmmr-rhgg/GHSA-jvvx-hmmr-rhgg.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-jvvx-hmmr-rhgg
Aliases
Published
2022-07-28T00:00:42Z
Modified
2023-11-01T04:59:35.661192Z
Severity
  • 8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Stored XSS vulnerability in Jenkins Dynamic Extended Choice Parameter plugin
Details

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Database specific
{
    "nvd_published_at": "2022-07-27T15:15:00Z",
    "github_reviewed_at": "2022-12-09T18:17:52Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

Maven / com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter

Package

Name
com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter
View open source insights on deps.dev
Purl
pkg:maven/com.moded.extendedchoiceparameter/dynamic_extended_choice_parameter

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
1.0.1