72 matches found
jenkins-plugin/JUnit: Stored XSS vulnerability in JUnit Plugin
A flaw was found in the JUnit Jenkins Plugin. The affected version of the JUnit plugin converts HTTPS URLs in test report output to clickable links, which leads to a stored Cross-site scripting XSS attack...
Cross-site Scripting in Jenkins JUnit Plugin
Jenkins JUnit Plugin 1166.va436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin...
CVE-2023-25761
Jenkins JUnit Plugin 1166.va436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin...
Cross site scripting
Jenkins JUnit Plugin 1166.va436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin...
CVE-2023-25761
A flaw was found in the Jenkins JUnit plugin. The affected versions of the JUnit Plugin do not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting XSS vulnerability. This may allow an attacker to control test case class names in the JUnit resources...
SUSE CVE-2018-1000056
Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
CVE-2023-25761
Jenkins JUnit Plugin 1166.va436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin...
CVE-2023-25761
Jenkins JUnit Plugin 1166.va436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin...
CVE-2023-25761
Jenkins JUnit Plugin 1166.va436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin...
CVE-2023-25761
Technical details about CVE-2023-25761 are not publicly provided in the supplied documents. No concrete affected products, versions, impact, or fixes are confirmed here. Monitor for updates.
Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.9 Multiple Vulnerabilities (CloudBees Security Advisory 2023-02-15)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.9. It is, therefore, affected by multiple vulnerabilities including the following: - CSRF vulnerability and missing permission checks in Synopsys Coverity Plugin allow...
jenkins-plugin/JUnit: Stored XSS vulnerability in JUnit Plugin
A flaw was found in the JUnit Jenkins Plugin. The affected version of the JUnit plugin converts HTTPS URLs in test report output to clickable links, which leads to a stored Cross-site scripting XSS attack...
jenkins-plugin/junit: Stored XSS vulnerability in JUnit Plugin
A flaw was found in the JUnit Jenkins plugin. The manipulation with an unknown input leads to a Cross-site scripting vulnerability, impacting the integrity. This flaw allows an attacker to inject arbitrary HTML and script code into the website...
GHSA-298R-5C48-7Q2R Jenkins JUnit Plugin subject to Cross-site Scripting via URL conversion
JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links. This is done in an unsafe manner, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. JUnit Plugin 1160.vf1f01aaeab7f no long...
Jenkins JUnit Plugin subject to Cross-site Scripting via URL conversion
JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links. This is done in an unsafe manner, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. JUnit Plugin 1160.vf1f01aaeab7f no long...
CVE-2022-45380
Jenkins JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-45380
Jenkins JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Cross site scripting
Jenkins JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-45380
Jenkins JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-45380
Jenkins JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...