Jenkins Mashup Portlets Plugin vulnerable to stored cross-site scripting
Severity: High
GitHub Reviewed
Published Apr 2, 2023 to the GitHub Advisory Database; updated Apr 10, 2023
Package
Affected versions: <= 1.1.2
Patched versions: None
Published by the National Vulnerability Database: Apr 2, 2023
Published to the GitHub Advisory Database: Apr 2, 2023
Reviewed: Apr 10, 2023
Last updated: Apr 10, 2023
Description
Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission.