Sven Grossmann

**Name of the Vulnerable Software and Affected Versions** Jenkins Git Parameter Plugin versions 0.9.11 and earlier **Description** The issue results in a stored cross-site scripting vulnerability. It is exploitable by users with Job/Configure permission due to the parameter name not being escaped on the UI. **Recommendations** For Jenkins Git Parameter Plugin versions 0.9.11 and earlier, update to a version that fixes the stored cross-site scripting vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Git Parameter Plugin versions 0.9.11 and earlier **Description** The issue results in a stored cross-site scripting vulnerability. This is exploitable by users with Job/Configure permission. The vulnerability occurs because the default value shown on the UI is not escaped. **Recommendations** For Jenkins Git Parameter Plugin versions 0.9.11 and earlier, update to a version that fixes this issue to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** HRworks version 3.36.9 **Description** The issue allows for XSS via the purpose of a travel-expense report. **Recommendations** For HRworks version 3.36.9, update to a version that fixes this issue, as using the current version may pose a security risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.