CVE-2019-10336

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-10336

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10336.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-10336

Aliases

GHSA-w3pj-v9jr-v2wc

Published

2019-06-11T14:29:01Z

Modified

2024-09-03T02:22:10.527719Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A reflected cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.6 and earlier allowed attackers able to control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in job configuration forms containing post-build steps provided by this plugin.

References

Affected packages

Git / github.com/jenkinsci/electricflow-plugin

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/electricflow-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

a3a4b6ea3a9eef20fb156e200d05b45fdb70df40

Affected versions

electricflow-1.*

electricflow-1.0

electricflow-1.1.1

electricflow-1.1.2

electricflow-1.1.3

electricflow-1.1.4

electricflow-1.1.5

electricflow-1.1.6