Back to bug 2215089

Who	When	What	Removed	Added
Guilherme de Almeida Suckevicz	2023-06-14 18:33:44 UTC	Blocks		2215113
Avinash Hanwate	2023-07-04 05:10:52 UTC	Status	NEW	CLOSED
		Summary	TRIAGE-CVE-2023-35146 jenkins-2-plugins: template-workflows: Stored XSS vulnerability in Template Workflows Plugin	CVE-2023-35146 jenkins-2-plugins: template-workflows: Stored XSS vulnerability in Template Workflows Plugin
		Resolution	---	NOTABUG
		Alias	TRIAGE-CVE-2023-35146	CVE-2023-35146
		Last Closed		2023-07-04 05:10:52 UTC
Avinash Hanwate	2023-07-11 05:58:00 UTC	Doc Text		Jenkins Template Workflows Plugin is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
RaTasha Tillery-Smith	2023-07-11 14:34:53 UTC	Doc Text	Jenkins Template Workflows Plugin is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.	A flaw was found in the Jenkins Template Workflows Plugin, where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. This flaw allows a remote, authenticated attacker to inject malicious script into a Web page, which would be executed in a victim's Web browser within the security context of the hosting Web site once the page is viewed, and steal the victim's cookie-based authentication credentials.

Back to bug 2215089