CVE-2020-2206

Summary

Jenkins VncRecorder Plugin 1.25 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins VncRecorder Pluginunspecified <= 1.25affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References