Description
In Jenkins 2.88 and earlier, and 2.73.2 and earlier, autocompletion suggestions for text fields were not escaped. This resulted in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters like less-than and greater-than characters.
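The pattern described above, shown as an added example rather than Jenkins source code: suggestion text concatenated into markup unescaped, next to a form that escapes it at render time. The function names and sample suggestions are hypothetical and constructed for illustration.

```javascript
// Added example; names are hypothetical and this is not Jenkins code.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Replace HTML metacharacters with entities so the text renders as text.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Flawed form: whatever the suggestion source stored becomes live markup
// in the page of every user who later sees the suggestion.
function renderSuggestionsUnsafe(suggestions) {
  return '<ul>' + suggestions.map((s) => '<li>' + s + '</li>').join('') + '</ul>';
}

// Hardened form: each suggestion is escaped when it is written into HTML.
function renderSuggestionsSafe(suggestions) {
  return '<ul>' + suggestions.map((s) => '<li>' + escapeHtml(s) + '</li>').join('') + '</ul>';
}

// Highlighting the typed prefix is where escaping is often skipped.
// Split first, then escape each piece, so the only markup in the
// output is the <b> element added here.
function renderWithHighlight(suggestion, typed) {
  const idx = typed === '' ? -1 : suggestion.indexOf(typed);
  if (idx < 0) return escapeHtml(suggestion);
  const end = idx + typed.length;
  return escapeHtml(suggestion.slice(0, idx)) +
    '<b>' + escapeHtml(suggestion.slice(idx, end)) + '</b>' +
    escapeHtml(suggestion.slice(end));
}

// Constructed sample data: one ordinary name, two containing metacharacters.
const SAMPLE_SUGGESTIONS = ['build-linux', 'deploy<i>prod</i>', 'a&b "quoted"'];

if (typeof require !== 'undefined' && require.main === module) {
  console.log(renderSuggestionsUnsafe(SAMPLE_SUGGESTIONS));
  console.log(renderSuggestionsSafe(SAMPLE_SUGGESTIONS));
  console.log(renderWithHighlight('deploy<i>prod</i>', 'ploy<i'));
}
```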
Remediation
References