XSS in Possible Next Executions widget

    • Type: Bug
    • Resolution: Fixed
    • Priority: Critical
    • Component/s: next-executions-plugin
    • Environment:
      Jenkins: 1.645
      next-executions: 1.0.10

      You can inject HTML code by setting the job display name (Configuration -> Advanced Project Options). I set JOB <script>alert('foo');</script> and got an alert with the text "foo".

            Assignee:
            Ignacio Albors
            Reporter:
            Adam Gabryś
            Votes:
            0
            Watchers:
            3