Is CVE-2021-21667 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Jenkins Project Scriptler Plugin

CVE-2021-21667

Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.

EPSS: 0.757 (99.5th percentile) — read the EPSS interpretation.

Affected products

Jenkins Project Scriptler Plugin — versions unspecified

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

www.jenkins.io/security/advisory/2021-06-16/ (x_refsource_CONFIRM)
[oss-security] 20210616 Multiple vulnerabilities in Jenkins plugins (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2021-21667?: CVE-2021-21667 is a vulnerability in Jenkins Project Scriptler Plugin. Published 2021-06-16.
Is CVE-2021-21667 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.