Lucene search
Redhat.comRH:CVE-2023-43495HistorySep 22, 2023 - 11:54 a.m.
CVE-2023-43495
2023-09-2211:54:51
redhat.com
access.redhat.com
10
jenkins
cross-site scripting
remote attacker
web browser
0.001 Low
EPSS
Percentile
38.0%
A flaw was found in Jenkins weekly and LTS, which are vulnerable to cross-site scripting caused by improper validation of user-supplied input by the caption constructor parameter of ExpandableDetailsNote. This issue could allow a remote, authenticated attacker to inject malicious script into a Web page, which would be executed in a victim’s Web browser in the hosting Web site, and then steal the victim’s cookie-based authentication credentials.
Related
cve
cve
CVE-2023-43495
2023-09-20 17:15:11
osv
osv
CVE-2023-43495
2023-09-20 17:15:11
Jenkins Cross-site Scripting vulnerability
2023-09-20 18:30:21
BIT-jenkins-2023-43495
2024-03-06 10:54:50
cvelist
cvelist
CVE-2023-43495
2023-09-20 16:06:09
alpinelinux
alpinelinux
CVE-2023-43495
2023-09-20 17:15:11
prion
prion
Cross site scripting
2023-09-20 17:15:00
veracode
veracode
Cross-site Scripting
2023-09-25 07:18:08
github
github
Jenkins Cross-site Scripting vulnerability
2023-09-20 18:30:21
nessus
nessus
freebsd
freebsd
jenkins -- multiple vulnerabilities
2023-09-20 00:00:00
redos
redos
ROS-20240411-08
2024-04-11 00:00:00
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00