Jenkins project jenkins_scriptler vunspecified - 3 CVEs

CVE-2021-21700

Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by exploitable by attackers able to create Scriptler scripts.

UNKNOWN Published Nov 12, 2021

CVE-2021-21668

Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.

UNKNOWN Published Jun 16, 2021

CVE-2021-21667

Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.

UNKNOWN Published Jun 16, 2021

Version unspecified

Known Vulnerabilities

CVE-2021-21700

CVE-2021-21668

CVE-2021-21667