Jenkins Contrast Continuous Application Security Plugin vulnerable to stored Cross-site Scripting
Description

Jenkins Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control or modify Contrast service API responses. Contrast Continuous Application Security Plugin 3.10 escapes the affected data.
