CVE-2021-21700

Summary

Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by exploitable by attackers able to create Scriptler scripts.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Scriptler Pluginunspecified <= 3.3affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References