CVE-2017-1000404

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-1000404
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000404.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-1000404
Aliases
Published
2018-01-26T02:29:01.393Z
Modified
2026-03-14T09:21:18.351174Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter 'fullscreen' in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs.

References

Affected packages

Git / github.com/diabol/delivery-pipeline-plugin

Affected ranges

Type
GIT
Repo
https://github.com/diabol/delivery-pipeline-plugin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e7e6cc2354ab76ac6a915d8ae2fb9ede086c3096
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.7"
        }
    ]
}

Affected versions

delivery-pipeline-plugin-0.*
delivery-pipeline-plugin-0.1
delivery-pipeline-plugin-0.1.1
delivery-pipeline-plugin-0.10.0
delivery-pipeline-plugin-0.10.1
delivery-pipeline-plugin-0.10.1rc10
delivery-pipeline-plugin-0.10.2
delivery-pipeline-plugin-0.10.3
delivery-pipeline-plugin-0.2
delivery-pipeline-plugin-0.3
delivery-pipeline-plugin-0.4
delivery-pipeline-plugin-0.5
delivery-pipeline-plugin-0.6
delivery-pipeline-plugin-0.6.1
delivery-pipeline-plugin-0.6.10
delivery-pipeline-plugin-0.6.2
delivery-pipeline-plugin-0.6.3
delivery-pipeline-plugin-0.6.4
delivery-pipeline-plugin-0.6.5
delivery-pipeline-plugin-0.6.6
delivery-pipeline-plugin-0.6.7
delivery-pipeline-plugin-0.6.8
delivery-pipeline-plugin-0.6.9
delivery-pipeline-plugin-0.7.0
delivery-pipeline-plugin-0.7.1
delivery-pipeline-plugin-0.7.2
delivery-pipeline-plugin-0.7.3
delivery-pipeline-plugin-0.7.4
delivery-pipeline-plugin-0.7.5
delivery-pipeline-plugin-0.8.0
delivery-pipeline-plugin-0.8.1
delivery-pipeline-plugin-0.8.10
delivery-pipeline-plugin-0.8.11
delivery-pipeline-plugin-0.8.2
delivery-pipeline-plugin-0.8.3
delivery-pipeline-plugin-0.8.4
delivery-pipeline-plugin-0.8.5
delivery-pipeline-plugin-0.8.6
delivery-pipeline-plugin-0.8.7
delivery-pipeline-plugin-0.8.8
delivery-pipeline-plugin-0.8.9
delivery-pipeline-plugin-0.9.0
delivery-pipeline-plugin-0.9.1
delivery-pipeline-plugin-0.9.10
delivery-pipeline-plugin-0.9.11
delivery-pipeline-plugin-0.9.12
delivery-pipeline-plugin-0.9.2
delivery-pipeline-plugin-0.9.3
delivery-pipeline-plugin-0.9.4
delivery-pipeline-plugin-0.9.5
delivery-pipeline-plugin-0.9.6
delivery-pipeline-plugin-0.9.7
delivery-pipeline-plugin-0.9.8
delivery-pipeline-plugin-0.9.9
delivery-pipeline-plugin-1.*
delivery-pipeline-plugin-1.0.0
delivery-pipeline-plugin-1.0.1
delivery-pipeline-plugin-1.0.2
delivery-pipeline-plugin-1.0.3
delivery-pipeline-plugin-1.0.4
delivery-pipeline-plugin-1.0.5
delivery-pipeline-plugin-1.0.6
Other
origin
release-0.*
release-0.10.1
release-0.10.1rc10
release-0.10.1rc7
release-0.10.1rc8
release-0.10.2
release-0.10.3
release-0.10.rc9
release-1.*
release-1.0.0
release-1.0.1
release-1.0.2
release-1.0.3
release-1.0.4
release-1.0.5
release-1.0.6
release-1.0.7

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000404.json"