{"id":"CVE-2022-34192","details":"Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.","aliases":["GHSA-6882-385p-hhhw"],"modified":"2026-04-10T04:48:40.243906Z","published":"2022-06-23T17:15:16.670Z","references":[{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/ontrack-plugin","events":[{"introduced":"0"},{"last_affected":"cff465bf3b3df05fb3d2f9c62dd1ebfbe8275cf1"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.0.0"}]}}],"versions":["2.0.0-RC-1","2.0.1","2.1.0","2.11.0","2.13.0","2.13.1","2.13.2","2.14.0","2.15.0","2.16.0","2.17.0","2.18.0","2.18.1","2.19.0","2.19.1","2.19.2","2.2.1","2.21.0","2.22.0","2.22.1","2.22.2","2.22.3","2.22.4","2.25.0","2.25.1","2.26.0","2.28.1","2.28.2","2.29.0","2.29.1","2.30.1","2.30.2","2.30.3","2.30.5","2.31.0","2.31.1","2.31.2","2.31.3","2.31.4","2.32.0","2.32.1","2.32.2","2.32.3","2.32.4","2.32.5","2.33.0","2.33.1","2.33.2","2.33.3","2.33.4","2.4.0","2.8.0","2.9.0","3.0","3.1","3.2","3.3","3.3.5","3.4","3.4.1","3.5.0","3.6.0","3.7.0","3.8.0","3.8.2","3.8.3","ontrack-2.4.1","ontrack-2.4.2","ontrack-2.4.3","ontrack-2.5.0","ontrack-2.6.0","ontrack-2.7.0","ontrack-4.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-34192.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}