Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-w3pj-v9jr-v2wc

GitHub Security Advisory

Jenkins ElectricFlow Plugin is vulnerable to reflected cross site scripting vulnerability

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

The configuration forms of various post-build steps contributed by CloudBees CD Plugin were vulnerable to cross-site scripting.

This allowed attackers able to control the output of connected ElectricFlow servers' APIs to inject arbitrary HTML and JavaScript into the configuration form.

CloudBees CD Plugin no longer interprets HTML/JavaScript in responses from ElectricFlow server APIs on job configuration forms.

Affected Packages

Maven org.jenkins-ci.plugins:electricflow
Affected versions: 0 (fixed in 1.1.7)

Related CVEs

CVE-2019-10336

Key Information

GHSA ID
GHSA-w3pj-v9jr-v2wc
Published
May 24, 2022 4:47 PM
Last Modified
October 26, 2023 10:21 PM
CVSS Score
5.0 /10
Primary Ecosystem
Maven
Primary Package
org.jenkins-ci.plugins:electricflow
GitHub Reviewed
✓ Yes

Dataset

Last updated: August 24, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.