Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by exploitable by attackers able to create Scriptler scripts.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.jenkins-ci.plugins:scriptler(Maven) | 0 | 3.4 | N/A |
CVSS Metrics
