Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.
CPE | Name | Operator | Version |
---|---|---|---|
org.jenkins-ci.plugins:compatibility-action-storage | eq | 1.0 |