QwikSec

Security Database

CVE

CWE

Training

CVE-2021-21700

Published: Nov 12, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by exploitable by attackers able to create Scriptler scripts.

Vendor	Product	Versions
Jenkins project	Jenkins Scriptler Plugin	affected `unspecified - <= 3.3`

References

https://www.jenkins.io/security/advisory/2021-11-12/#SECURITY-2406

x_refsource_CONFIRM

[oss-security] 20211112 Multiple vulnerabilities in Jenkins plugins

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.