JENKINS-32652

XSS in Possible Next Executions widget


    • Type: Bug
    • Resolution: Fixed
    • Priority: Critical
    • Component/s: next-executions-plugin
    • Labels: None
    • Environment: Jenkins: 1.645
      next-executions: 1.0.10

      You can inject HTML code by setting the job display name (Configuration -> Advanced Project Options). I set JOB <script>alert('foo');</script> and get an alert with the "foo" text.

            Assignee: ialbors Ignacio Albors
            Reporter: agabrys Adam Gabryś
            Votes: 0
            Watchers: 3

              Created:
              Updated:
              Resolved: