Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 18 Nov 2017 08:27:16 +0100
From: Daniel Beck <>
Subject: Re: Reflected Cross-Site Scripting Vulnerability in
 Jenkins Delivery Pipeline Plugin

> On 16. Nov 2017, at 16:23, Daniel Beck <> wrote:
> Delivery Pipeline Plugin used the unescaped content of the query parameter 
> `fullscreen` in its JavaScript, resulting in a cross-site scripting 
> vulnerability through specially crafted URLs.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.