WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2019-10336 Vulnerability in maven package org.jenkins-ci.plugins:electricflow

Description

A reflected cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.6 and earlier allowed attackers able to control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in job configuration forms containing post-build steps provided by this plugin.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/06/11/1

http://www.securityfocus.com/bid/108747

https://jenkins.io/security/advisory/2019-06-11/#SECURITY-1420

Related Vulnerabilities

CVE-2023-0842 Vulnerability in maven package org.webjars.npm:xml2js

CVE-2021-46440 Vulnerability in npm package strapi

CVE-2022-39225 Vulnerability in npm package parse-server

CVE-2020-17533 Vulnerability in maven package org.apache.accumulo:accumulo-core

CVE-2022-32532 Vulnerability in maven package org.apache.shiro:shiro-core

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory