0.001 Low
EPSS
Percentile
29.5%
workflow-job is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the displayName attribute of the summary.jelly does not escape before being rendered, allowing an attacker to inject and execute malicious JavaScript.
displayName
summary.jelly
github.com/advisories/GHSA-2wvv-phhw-qvmc
github.com/jenkinsci/workflow-job-plugin/commit/395eb740000509bff789c7f409c90f2a4a738821
www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042