Svennergr

**Name of the Vulnerable Software and Affected Versions** Jenkins Git Parameter Plugin versions 0.9.11 and earlier **Description** The issue results in a stored cross-site scripting vulnerability. It is exploitable by users with Job/Configure permission due to the parameter name not being escaped on the UI. **Recommendations** For Jenkins Git Parameter Plugin versions 0.9.11 and earlier, update to a version that fixes the stored cross-site scripting vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Git Parameter Plugin versions 0.9.11 and earlier **Description** The issue results in a stored cross-site scripting vulnerability. This is exploitable by users with Job/Configure permission. The vulnerability occurs because the default value shown on the UI is not escaped. **Recommendations** For Jenkins Git Parameter Plugin versions 0.9.11 and earlier, update to a version that fixes this issue to prevent exploitation.