5 matches found
Cross site scripting
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability...
CVE-2020-2194
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability...
CVE-2020-2193
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability...
PT-2020-15408 · Jenkins · Jenkins Echarts Api Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins ECharts API Plugin versions 4.7.0-3 and earlier Description: The issue results in a stored cross-site scripting vulnerability due to the failure to escape the display name of the builds in the trend chart. This can be exploited by use...
PT-2020-15407 · Jenkins · Jenkins Echarts Api Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins ECharts API Plugin versions 4.7.0-3 and earlier Description: The issue results in a stored cross-site scripting vulnerability due to the failure to escape the parser identifier when rendering charts. This can be exploited by users wit...