CVSS Score

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| io.jenkins.plugins:rest-list-parameter | maven | < 1.6.0 | 1.6.0 |
The vulnerability stems from unescaped rendering of parameter names and descriptions in UI views. Jenkins plugins typically render their views with Jelly templates, and ParameterDefinition subclasses (such as RESTListParameterDefinition) hold the parameter metadata. Where the Java class exposes those fields and the corresponding Jelly view template interpolates them without escaping, raw user-supplied input is emitted directly into the HTML output. The advisory explicitly identifies the parameter name and description fields as the XSS vector, which matches the responsibilities of these components.
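The following is an added illustration of the pattern described above, not code from the plugin or from Jenkins: the plugin's own view is Java plus Jelly, and this Python model stands in for it to show the difference between interpolating a parameter's name and description into HTML as-is and escaping them at output time. The parameter fields, the two render functions and the `leaked_tags` check are all constructed for this example; the sample values are deliberately contrived test input of the kind a unit test for the view would use.

```python
import html
import re

# Constructed sample parameter. Field names are an assumption for illustration;
# the plugin's actual ParameterDefinition fields may be named differently.
SAMPLE_PARAMETER = {
    "name": "TARGET_ENV<script>alert(1)</script>",
    "description": "Environment to deploy to <img src=x onerror=alert(1)>",
}


def render_unescaped(param):
    """Vulnerable pattern: field values are interpolated straight into the
    HTML fragment, so any markup inside them becomes part of the page."""
    return (
        '<div class="parameter">'
        f'<label>{param["name"]}</label>'
        f'<p class="description">{param["description"]}</p>'
        "</div>"
    )


def render_escaped(param):
    """Hardened pattern: every untrusted field is HTML-escaped at output time,
    including quotes, so the browser renders it as text rather than markup."""
    name = html.escape(param["name"], quote=True)
    description = html.escape(param["description"], quote=True)
    return (
        '<div class="parameter">'
        f"<label>{name}</label>"
        f'<p class="description">{description}</p>'
        "</div>"
    )


# Matches an opening or closing HTML tag such as <script> or </script>.
TAG_PATTERN = re.compile(r"<[a-zA-Z/][^>]*>")


def leaked_tags(rendered, param):
    """Return the tags found inside the parameter's field values that survive
    verbatim into the rendered HTML. An empty list means every field was
    neutralised by escaping; a non-empty list is the defect this advisory
    describes, surfaced in a form a view test can assert on."""
    leaks = []
    for value in param.values():
        for tag in TAG_PATTERN.findall(value):
            if tag in rendered:
                leaks.append(tag)
    return leaks


def escaping_round_trips(param):
    """Sanity check that escaping loses no information: decoding the escaped
    text gives back the original field values exactly."""
    return all(
        html.unescape(html.escape(value, quote=True)) == value
        for value in param.values()
    )


if __name__ == "__main__":
    print("unescaped view leaks:", leaked_tags(render_unescaped(SAMPLE_PARAMETER), SAMPLE_PARAMETER))
    print("escaped view leaks:  ", leaked_tags(render_escaped(SAMPLE_PARAMETER), SAMPLE_PARAMETER))
    print("round trip ok:       ", escaping_round_trips(SAMPLE_PARAMETER))
```

The `leaked_tags` check is the part worth carrying into a real test suite: rendering a parameter whose name and description contain markup and asserting that none of that markup appears verbatim in the output catches exactly the unescaped interpolation the advisory attributes to the affected versions, regardless of which template engine produced the view.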