Skip to main content

Active Choices

4 CVEs product

Monthly

CVE-2021-21699 Maven MEDIUM PATCH This Month

Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Active Choices
NVD
CVSS 3.1
5.4
EPSS
88.5%
CVE-2021-21616 Maven MEDIUM PATCH This Month

Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Active Choices
NVD
CVSS 3.1
4.6
EPSS
78.8%
CVE-2020-2290 Maven MEDIUM PATCH This Month

Jenkins Active Choices Plugin 2.4 and earlier does not escape some return values of sandboxed scripts for Reactive Reference Parameters, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Active Choices
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-2289 Maven MEDIUM PATCH This Month

Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Active Choices
NVD
CVSS 3.1
5.4
EPSS
0.9%
EPSS 88% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Active Choices
NVD
EPSS 79% CVSS 4.6
MEDIUM PATCH This Month

Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Active Choices
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Active Choices Plugin 2.4 and earlier does not escape some return values of sandboxed scripts for Reactive Reference Parameters, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Active Choices
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Active Choices
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy