oss-sec mailing list archives
Re: Reflected Cross-Site Scripting Vulnerability in Jenkins Delivery Pipeline Plugin
From: Daniel Beck <ml () beckweb net>
Date: Sat, 18 Nov 2017 08:27:16 +0100
On 16. Nov 2017, at 16:23, Daniel Beck <ml () beckweb net> wrote:

> SECURITY-640
> Delivery Pipeline Plugin used the unescaped content of the query parameter `fullscreen` in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs.

CVE-2017-1000404
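
The pattern described in the quoted advisory, as an added example that is not part of the original post and is not the plugin's code: a hypothetical server-side renderer (the function names and the page template are assumptions) that places `fullscreen` into an inline script unescaped, beside two corrected forms. The string encoder goes beyond the flag case the advisory describes.

```javascript
// Added illustration; not the Delivery Pipeline Plugin's code.
// renderUnsafe, renderSafe, parseFlag, toScriptLiteral are hypothetical names.

// Vulnerable pattern: the raw query value is pasted into an inline script,
// so anything after the expected "true"/"false" is parsed as code.
function renderUnsafe(query) {
  const fullscreen = query.get("fullscreen") ?? "false";
  return `<script>var fullscreen = ${fullscreen};</script>`;
}

// Fix 1: the parameter is a flag, so reduce it to a real boolean first.
// Anything other than the exact string "true" becomes false.
function parseFlag(value) {
  return value === "true";
}

function renderSafe(query) {
  const fullscreen = parseFlag(query.get("fullscreen"));
  return `<script>var fullscreen = ${fullscreen};</script>`;
}

// Fix 2: when a free-form string must reach a script block, encode it for
// that context. JSON.stringify handles quotes and backslashes; the extra
// replacements keep the HTML parser from seeing "</script>" or "<!--"
// inside the literal and neutralise line separators.
function toScriptLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, "\\u003c")
    .replace(/>/g, "\\u003e")
    .replace(/&/g, "\\u0026")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

// Constructed inputs: a normal request and one carrying extra script text.
const normal = new URLSearchParams("fullscreen=true");
const crafted = new URLSearchParams("fullscreen=true;marker()");

console.log(renderUnsafe(crafted)); // extra text lands inside the script
console.log(renderSafe(crafted));   // flag collapses to false
console.log(toScriptLiteral("</script>"));
```
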