Lucene search
Redhat.comRH:CVE-2018-1000170HistoryApr 13, 2018 - 8:50 p.m.
CVE-2018-1000170
2018-04-1320:50:01
redhat.com
access.redhat.com
7
0.001 Low
EPSS
Percentile
21.7%
A cross-site scripting vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in confirmationList.jelly and stopButton.jelly that allows attackers with Job/Configure and/or Job/Create permission to create an item name containing JavaScript that would be executed in another user’s browser when that other user performs some UI actions.
Related
osv
osv
Cross-site Scripting in Jenkins Core
2022-05-14 01:04:36
CVE-2018-1000170
2018-04-16 09:58:09
github
github
Cross-site Scripting in Jenkins Core
2022-05-14 01:04:36
nvd
nvd
CVE-2018-1000170
2018-04-16 09:58:09
cve
cve
CVE-2018-1000170
2018-04-16 09:58:09
prion
prion
Cross site scripting
2018-04-16 09:58:00
cvelist
cvelist
CVE-2018-1000170
2018-04-13 21:00:00
openvas
openvas
Jenkins Multiple Vulnerabilities (Apr 2018) - Windows
2018-04-23 00:00:00
Jenkins Multiple Vulnerabilities (Apr 2018) - Linux
2018-04-23 00:00:00
nessus
nessus
Jenkins < 2.107.2 / 2.116 Multiple Vulnerabilities
2018-05-03 00:00:00