CVEDB API

Vulnerabilities

Vulnerable Software

Jenkins: >> Active Choices >> 2.1 Security Vulnerabilities

CVE-2021-21699

Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

CVSS Score

5.4

EPSS Score

0.505

Published

2021-11-12

CVE-2021-21616

Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

CVSS Score

4.6

EPSS Score

0.023

Published

2021-02-24

CVE-2020-2289

Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

CVSS Score

5.4

EPSS Score

0.002

Published

2020-10-08

CVE-2020-2290

Jenkins Active Choices Plugin 2.4 and earlier does not escape some return values of sandboxed scripts for Reactive Reference Parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

CVSS Score

5.4

EPSS Score

0.002

Published

2020-10-08

Page 1

Vulnerabilities

Vulnerable Software

Jenkins: >> Active Choices >> 2.1 Security Vulnerabilities

Products

Pricing

Contact Us