Reflected Cross-site Scripting in Jenkins Nested View Plugin
High severity
GitHub Reviewed
Published
Jun 24, 2022
to the GitHub Advisory Database
•
Updated Jan 31, 2023
Package
Affected versions
>= 1.20, < 1.26
Patched versions
1.26
Description
Published by the National Vulnerability Database
Jun 23, 2022
Published to the GitHub Advisory Database
Jun 24, 2022
Reviewed
Jul 5, 2022
Last updated
Jan 31, 2023
Credits
-
NotMyFault Analyst
Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability.
Nested View Plugin 1.26 escapes search parameters
References