Lucene search
GoogleOSV:CVE-2018-1000170HistoryApr 16, 2018 - 9:58 a.m.
CVE-2018-1000170
2018-04-1609:58:09
Google
osv.dev
3
0.001 Low
EPSS
Percentile
21.7%
A cross-site scripting vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in confirmationList.jelly and stopButton.jelly that allows attackers with Job/Configure and/or Job/Create permission to create an item name containing JavaScript that would be executed in another user’s browser when that other user performs some UI actions.
Related
nvd
nvd
CVE-2018-1000170
2018-04-16 09:58:09
osv
osv
Cross-site Scripting in Jenkins Core
2022-05-14 01:04:36
github
github
Cross-site Scripting in Jenkins Core
2022-05-14 01:04:36
cve
cve
CVE-2018-1000170
2018-04-16 09:58:09
prion
prion
Cross site scripting
2018-04-16 09:58:00
redhatcve
redhatcve
CVE-2018-1000170
2018-04-13 20:50:01
cvelist
cvelist
CVE-2018-1000170
2018-04-13 21:00:00
openvas
openvas
Jenkins Multiple Vulnerabilities (Apr 2018) - Windows
2018-04-23 00:00:00
Jenkins Multiple Vulnerabilities (Apr 2018) - Linux
2018-04-23 00:00:00
nessus
nessus
Jenkins < 2.107.2 / 2.116 Multiple Vulnerabilities
2018-05-03 00:00:00