CVE-2017-1000404

Name of the Vulnerable Software and Affected Versions Jenkins Delivery Pipeline Plugin versions 1.0.7 and earlier

Description The issue arises from the unescaped content of the query parameter fullscreen in the plugin's JavaScript, leading to a cross-site scripting vulnerability through specially crafted URLs.

Recommendations For Jenkins Delivery Pipeline Plugin versions 1.0.7 and earlier, update to version 1.0.8 or later, which converts the fullscreen parameter value to a boolean (true/false) and inserts that into the page instead, mitigating the cross-site scripting vulnerability.