10 matches found
EUVD-2026-26226
Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
Jenkins HTML Publisher Plugin cross-site scripting vulnerability
The Jenkins HTML Publisher Plugin is an open-source continuous integration plugin developed by Jenkins, designed for publishing and displaying HTML reports generated by builds. The Jenkins HTML Publisher Plugin versions 427 and earlier contained a cross-site scripting vulnerability. This...
EUVD-2022-4916
Malicious code in bioql PyPI...
EUVD-2024-1047
Malicious code in bioql PyPI...
CVE-2025-53651
Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log...
PT-2025-28903 · Jenkins · Jenkins Html Publisher Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins HTML Publisher Plugin versions prior to 426 Description: The Jenkins HTML Publisher Plugin versions prior to 426 display log messages that include the absolute paths of files archived during the Publish HTML reports post-build step,...
CVE-2024-28149
Jenkins HTML Publisher Plugin 1.16 through 1.32 (both inclusive) does not properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting (XSS) attacks and to determine whether a path on the Jenkins controller file system exists...
CVE-2024-28150
Jenkins HTML Publisher Plugin 1.32 and earlier does not escape job names, report names, and index page titles shown as part of the report frame, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
PT-2024-2096 · Jenkins · Jenkins Html Publisher Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins HTML Publisher Plugin versions 1.32 and earlier Description: The issue is related to the incorrect restriction of the directory path name with limited access. Exploitation may allow a remote attacker to read arbitrary files using a...
PT-2024-2110 · Jenkins · Jenkins Html Publisher Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins HTML Publisher Plugin versions 1.16 through 1.32 Description: The issue arises from the plugin's failure to properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting (XSS) attacks. This...