SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  Jenkins plugin Badge XSS

Category: WEB-ATTACKS      

Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0021


Relevant Information