87 matches found
Jenkins HTML Publisher Plugin has a XSS vulnerability in the legacy wrapper file
Jenkins HTML Publisher Plugin versoins 427 and earlier do not escape the job name and URL in the legacy wrapper file. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. HTML Publisher Plugin 427.1 escapes job name and URL when...
GHSA-F8H4-46XV-H7JJ Jenkins HTML Publisher Plugin has a XSS vulnerability in the legacy wrapper file
Jenkins HTML Publisher Plugin versoins 427 and earlier do not escape the job name and URL in the legacy wrapper file. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. HTML Publisher Plugin 427.1 escapes job name and URL when...
CVE-2026-42524
Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
EUVD-2026-26226
Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2026-42524
Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2026-42524
Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2026-42524
Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2026-42524
CVE-2026-42524 : Jenkins HTML Publisher Plugin 427 and earlier is vulnerable to a stored XSS due to not escaping the job name and URL in the legacy wrapper file. This can be exploited by attackers with Item/Configure permission. The public descriptions identify the affected component and the root...
CVE-2026-42524
Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
PT-2026-35918
Name of the Vulnerable Software and Affected Versions Jenkins HTML Publisher Plugin versions prior to 428 Description Stored cross-site scripting XSS occurs because the legacy wrapper file fails to escape the job name and URL. This allows attackers with Item/Configure permissions to execute...
Jenkins HTML Publisher Plugin 跨站脚本漏洞
The Jenkins HTML Publisher Plugin is an open-source continuous integration plugin developed by Jenkins, designed for publishing and displaying HTML reports generated by builds. The Jenkins HTML Publisher Plugin versions 427 and earlier contained a cross-site scripting vulnerability. This...
EUVD-2022-2469
Malicious code in bioql PyPI...
EUVD-2022-4916
Malicious code in bioql PyPI...
EUVD-2024-1047
Malicious code in bioql PyPI...
CVE-2025-53651
Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log...
Jenkins HTML Publisher Plugin vulnerability displays controller file system information in its logs
Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log. HTML Publisher Plugin 427 displays only the parent...
GHSA-367V-5PPJ-2HRX Jenkins HTML Publisher Plugin vulnerability displays controller file system information in its logs
Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log. HTML Publisher Plugin 427 displays only the parent...
CVE-2025-53651
Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log...
CVE-2025-53651
Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log...
CVE-2025-53651
Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log...