5 matches found
CVE-2022-23108
Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-23108
| creationtimestamp | type | source |
|---|---|---|
| 2022-01-12 22:17:25+00:00 | seen | https://t.me/cibsecurity/35360... |
CVE-2022-23108
Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-23108
The CVE-2022-23108 issue affects Jenkins Badge Plugin (version 1.9 and earlier). The vulnerability arises because the plugin does not escape the description field and does not enforce allowed protocols when creating a badge, leading to a stored XSS vulnerability. Exploitation requires attacker wi...
CVE-2022-23108
Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...