CVE-2021-21699 – org.biouno:uno-choice
Package
Manager: maven
Name: org.biouno:uno-choice
Vulnerable Version: >=0 <2.5.7
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.43994 (percentile: 0.97457)
Details
Stored XSS vulnerability in Jenkins Active Choices Plugin

Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. Jenkins Active Choices Plugin 2.5.7 escapes references to parameter names.
Metadata
Created: 2022-05-24T19:20:32Z
Modified: 2023-10-27T16:07:00Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rp4x-h577-chvq/GHSA-rp4x-h577-chvq.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-rp4x-h577-chvq
Finding: F425
Auto approve: 1