oss-sec mailing list archives

Re: Reflected Cross-Site Scripting Vulnerability in Jenkins Delivery Pipeline Plugin


From: Daniel Beck <ml () beckweb net>
Date: Sat, 18 Nov 2017 08:27:16 +0100


On 16. Nov 2017, at 16:23, Daniel Beck <ml () beckweb net> wrote:

SECURITY-640
Delivery Pipeline Plugin used the unescaped content of the query parameter 
`fullscreen` in its JavaScript, resulting in a cross-site scripting 
vulnerability through specially crafted URLs.


CVE-2017-1000404
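
The bug class SECURITY-640 describes, shown as an added example that is not part of the original message and is not the plugin's code: a request parameter pasted into inline script source, next to two hardened forms. All function names, the page template and the sample value are assumptions constructed for illustration; only the parameter name `fullscreen` comes from the advisory.

```javascript
// Added illustration; names are hypothetical, not taken from the plugin.

// Unsafe pattern: the raw parameter value becomes part of the script source,
// so quotes or a closing script tag in the value change what the page runs.
function renderUnsafe(fullscreen) {
  return `<script>var fullscreen = ${fullscreen};</script>`;
}

// Fix 1: the parameter is a flag, so reduce it to a boolean before output.
function parseFlag(value) {
  return value === 'true';
}

// Fix 2 (for values that must stay strings): JSON-encode, then escape the
// characters that matter to the HTML parser or to older JS line handling.
function jsLiteral(value) {
  return JSON.stringify(String(value)).replace(/[<>&\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Hardened rendering of the same page fragment from a query string.
function renderSafe(query) {
  const raw = new URLSearchParams(query).get('fullscreen') || '';
  return '<script>' +
    `var fullscreen = ${parseFlag(raw)};` +
    `var requested = ${jsLiteral(raw)};` +
    '</script>';
}

// Constructed sample value: quote and markup characters only.
const sampleValue = '1";</script><b>x';
const sampleQuery = 'fullscreen=' + encodeURIComponent(sampleValue);
```

HTML-escaping alone is not the right encoder for this sink: the value lands in a JavaScript context, so it needs either a strict type conversion or JavaScript string encoding that also neutralizes `<` and `>`.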

