CVE-2017-1000404
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000404
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000404.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-1000404
- Aliases
- Published
- 2018-01-26T02:29:01Z
- Modified
- 2024-09-03T01:00:40.437925Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter 'fullscreen' in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs.
- References
Affected packages
Git / github.com/diabol/delivery-pipeline-plugin
Affected ranges
- Type
- GIT
- Repo
- https://github.com/diabol/delivery-pipeline-plugin
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
delivery-pipeline-plugin-0.*
delivery-pipeline-plugin-0.1
delivery-pipeline-plugin-0.1.1
delivery-pipeline-plugin-0.10.0
delivery-pipeline-plugin-0.10.1
delivery-pipeline-plugin-0.10.1rc10
delivery-pipeline-plugin-0.10.2
delivery-pipeline-plugin-0.10.3
delivery-pipeline-plugin-0.2
delivery-pipeline-plugin-0.3
delivery-pipeline-plugin-0.4
delivery-pipeline-plugin-0.5
delivery-pipeline-plugin-0.6
delivery-pipeline-plugin-0.6.1
delivery-pipeline-plugin-0.6.10
delivery-pipeline-plugin-0.6.2
delivery-pipeline-plugin-0.6.3
delivery-pipeline-plugin-0.6.4
delivery-pipeline-plugin-0.6.5
delivery-pipeline-plugin-0.6.6
delivery-pipeline-plugin-0.6.7
delivery-pipeline-plugin-0.6.8
delivery-pipeline-plugin-0.6.9
delivery-pipeline-plugin-0.7.0
delivery-pipeline-plugin-0.7.1
delivery-pipeline-plugin-0.7.2
delivery-pipeline-plugin-0.7.3
delivery-pipeline-plugin-0.7.4
delivery-pipeline-plugin-0.7.5
delivery-pipeline-plugin-0.8.0
delivery-pipeline-plugin-0.8.1
delivery-pipeline-plugin-0.8.10
delivery-pipeline-plugin-0.8.11
delivery-pipeline-plugin-0.8.2
delivery-pipeline-plugin-0.8.3
delivery-pipeline-plugin-0.8.4
delivery-pipeline-plugin-0.8.5
delivery-pipeline-plugin-0.8.6
delivery-pipeline-plugin-0.8.7
delivery-pipeline-plugin-0.8.8
delivery-pipeline-plugin-0.8.9
delivery-pipeline-plugin-0.9.0
delivery-pipeline-plugin-0.9.1
delivery-pipeline-plugin-0.9.10
delivery-pipeline-plugin-0.9.11
delivery-pipeline-plugin-0.9.12
delivery-pipeline-plugin-0.9.2
delivery-pipeline-plugin-0.9.3
delivery-pipeline-plugin-0.9.4
delivery-pipeline-plugin-0.9.5
delivery-pipeline-plugin-0.9.6
delivery-pipeline-plugin-0.9.7
delivery-pipeline-plugin-0.9.8
delivery-pipeline-plugin-0.9.9
delivery-pipeline-plugin-1.*
delivery-pipeline-plugin-1.0.0
delivery-pipeline-plugin-1.0.1
delivery-pipeline-plugin-1.0.2
delivery-pipeline-plugin-1.0.3
delivery-pipeline-plugin-1.0.4
delivery-pipeline-plugin-1.0.5
delivery-pipeline-plugin-1.0.6
Other
origin
release-0.*
release-0.10.1
release-0.10.1rc10
release-0.10.1rc7
release-0.10.1rc8
release-0.10.2
release-0.10.3
release-0.10.rc9
release-1.*
release-1.0.0
release-1.0.1
release-1.0.2
release-1.0.3
release-1.0.4
release-1.0.5
release-1.0.6
release-1.0.7