Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-x3m6-vcp7-98mr

GitHub Security Advisory

Stored XSS vulnerability in Jenkins REST List Parameter Plugin

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Jenkins REST List Parameter Plugin 1.3.1 no longer identifies a parameter using user-specified content.

Affected Packages

Maven io.jenkins.plugins:rest-list-parameter
Affected versions: 0 (fixed in 1.3.1)

Related CVEs

CVE-2021-21635

Key Information

GHSA ID
GHSA-x3m6-vcp7-98mr
Published
May 24, 2022 5:45 PM
Last Modified
October 27, 2023 1:58 PM
CVSS Score
5.0 /10
Primary Ecosystem
Maven
Primary Package
io.jenkins.plugins:rest-list-parameter
GitHub Reviewed
✓ Yes

Dataset

Last updated: August 27, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.