CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

29 matches found

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2022-5815

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.01259EPSS

Exploits0References5

SUSE CVE•added 2023/02/15 4:35 a.m.•4 views

SUSE CVE-2017-1000386

Jenkins Active Choices plugin version 1.5.3 and earlier allowed users with Job/Configure permission to provide arbitrary HTML to be shown on the 'Build With Parameters' page through the 'Active Choices Reactive Reference Parameter' type. This could include, for example, arbitrary JavaScript. Acti...

5.4CVSS5.1AI score0.00042EPSS

Exploits0References3

SUSE CVE•added 2023/02/15 4:4 a.m.•2 views

SUSE CVE-2020-2238

Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...

5.4CVSS5AI score0.00233EPSS

Exploits0References3

Positive Technologies•added 2022/06/30 12:0 a.m.•2 views

PT-2022-22343 · Jenkins · Jenkins Validating Email Parameter Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Validating Email Parameter Plugin versions 1.10 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability. This is due to the plugin not escaping the name and description of its parameter type...

8CVSS5.6AI score0.09095EPSS

Exploits0References5

Github Security Blog•added 2022/06/24 12:0 a.m.•28 views

Cross-site Scripting in Jenkins Readonly Parameter Plugin

Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.7AI score0.17548EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2022/06/22 12:0 a.m.•2 views

PT-2022-22053 · Jenkins · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins Date Parameter Plugin versions 0.0.4 and earlier Description: The issue is a stored cross-site scripting XSS vulnerability that occurs because the Jenkins Date Parameter Plugin does not escape the name and description of Date paramete...

8CVSS5.7AI score0.16751EPSS

Exploits0References7

Positive Technologies•added 2022/06/22 12:0 a.m.•2 views

PT-2022-22066 · Jenkins · Jenkins Sauce Ondemand Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Sauce OnDemand Plugin versions 1.204 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability, which can be exploited by attackers with Item/Configure permission. This occurs because the plugin doe...

8CVSS5.7AI score0.09474EPSS

Exploits0References5

Positive Technologies•added 2022/06/22 12:0 a.m.•2 views

PT-2022-22052 · Jenkins · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins CRX Content Package Deployer Plugin versions 1.9 and earlier Description: The issue is a stored cross-site scripting XSS vulnerability that occurs because the plugin does not escape the name and description of CRX Content Package Choi...

8CVSS5.8AI score0.16751EPSS

Exploits0References8

Github Security Blog•added 2022/05/24 5:45 p.m.•19 views

CSRF vulnerability in Jenkins Build With Parameters Plugin

Jenkins Build With Parameters Plugin 1.5 and earlier does not require POST requests for its form submission endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to build a project with attacker-specified parameters. Build With Parameters Plug...

8.8CVSS8.2AI score0.00074EPSS

Exploits0References5Affected Software1

OSV•added 2022/05/24 5:45 p.m.•14 views

GHSA-W24G-24QG-V4W2 CSRF vulnerability in Jenkins Build With Parameters Plugin

8.8CVSS8.6AI score0.00074EPSS

Exploits0References5

OSV•added 2022/05/18 12:0 a.m.•32 views

GHSA-5PMP-7WC9-V7VW Cross-site Scripting in Jenkins JDK Parameter Plugin

Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters. This results in stored cross-site scripting XSS vulnerabilities exploitable by attackers with Item/Configure permission. Exploitation of this vulnerability...

8CVSS5.8AI score0.00217EPSS

Exploits0References3

Github Security Blog•added 2022/05/18 12:0 a.m.•30 views

Cross-site Scripting in Jenkins JDK Parameter Plugin

5.4CVSS5.7AI score0.00217EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2022/05/17 12:0 a.m.•1 views

PT-2022-20424 · Jenkins · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins vboxwrapper Plugin versions 1.3 and earlier Description: The Jenkins vboxwrapper Plugin does not escape the name and description of VBox node parameters on views displaying parameters, resulting in a stored cross-site scripting XSS...

8CVSS5.5AI score0.00114EPSS

Exploits0References6

OSV•added 2022/04/12 8:15 p.m.•20 views

CVE-2022-29042

Jenkins Job Generator Plugin 1.22 and earlier does not escape the name and description of Generator Parameter and Generator Choice parameters on Job Generator jobs' Build With Parameters views, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configu...

5.4CVSS5.3AI score

Exploits0References1

CNNVD•added 2022/04/12 12:0 a.m.•1 views

Jenkins Job Generator Plugin 跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application software.Jenkins Job Generator Plugin has...

5.4CVSS5.3AI score0.00217EPSS

Exploits0References4

Positive Technologies•added 2022/04/12 12:0 a.m.•1 views

PT-2022-19385 · Jenkins · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins promoted builds Plugin versions 873.v6149db d64130 and earlier, except version 3.10.1 Description: The issue results in a stored cross-site scripting XSS vulnerability, which can be exploited by attackers with Item/Configure permissio...

5.4CVSS5.5AI score0.00217EPSS

Exploits0References6

Positive Technologies•added 2022/04/12 12:0 a.m.•1 views

PT-2022-19386 · Jenkins +1 · Jenkins +2

Name of the Vulnerable Software and Affected Versions: Jenkins Subversion Plugin versions 2.15.3 and earlier Description: The issue is a stored cross-site scripting XSS vulnerability that occurs because the Jenkins Subversion Plugin does not escape the name and description of List Subversion tags...

5.4CVSS5.5AI score0.00096EPSS

Exploits0References14

Positive Technologies•added 2022/04/12 12:0 a.m.•2 views

PT-2022-19382 · Jenkins · Jenkins Job Generator Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Job Generator Plugin versions 1.22 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because the Jenkins Job Generator Plugin does not escape the name and description of...

5.4CVSS5.5AI score0.00217EPSS

Exploits0References7

CNVD•added 2021/03/31 12:0 a.m.•7 views

CloudBees Jenkins Build With Parameters Plugin Cross-Site Request Forgery Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A cross-site request forgery...

8.8CVSS6.6AI score0.00074EPSS

Exploits0References1

CNVD•added 2021/03/31 12:0 a.m.•6 views

CloudBees Jenkins Build With Parameters Plugin Cross-Site Scripting Vulnerability

5.4CVSS5.9AI score0.01259EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by