Vulnerability Details CVE-2020-2176
Multiple form validation endpoints in Jenkins useMango Runner Plugin 1.4 and earlier do not escape values received from the useMango service, resulting in a cross-site scripting (XSS) vulnerability exploitable by users able to control the values returned from the useMango service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.4%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2020-2176
-
cpe:2.3:a:jenkins:usemango_runner:1.0
-
cpe:2.3:a:jenkins:usemango_runner:1.1
-
cpe:2.3:a:jenkins:usemango_runner:1.2
-
cpe:2.3:a:jenkins:usemango_runner:1.3
-
cpe:2.3:a:jenkins:usemango_runner:1.4