CVE-2019-10376

Name of the Vulnerable Software and Affected Versions Jenkins Wall Display Plugin versions 0.6.34 and earlier

Description A reflected cross-site scripting issue allows attackers to inject arbitrary HTML and JavaScript into web pages. The customTheme query parameter is not properly escaped, resulting in this issue. There is no information about real-world incidents or the estimated number of potentially affected devices worldwide.

Recommendations For Jenkins Wall Display Plugin versions 0.6.34 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the customTheme query parameter to minimize the risk of exploitation.