Lucene search
K

130 matches found

OSV
OSV
added 2022/05/24 7:20 p.m.19 views

GHSA-RP4X-H577-CHVQ Stored XSS vulnerability in Jenkins Active Choices Plugin

Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission. Jenkins Active Choices Plugin 2.5.7...

5.4CVSS5.2AI score0.88476EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/24 7:20 p.m.22 views

Stored XSS vulnerability in Jenkins Active Choices Plugin

Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission. Jenkins Active Choices Plugin 2.5.7...

5.4CVSS4.9AI score0.88476EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:28 p.m.30 views

Stored XSS vulnerability in Validating String Parameter Plugin

Validating String Parameter Plugin 2.4 and earlier does not escape regular expressions in tooltips. Additionally, Validating String Parameter Plugin 2.4 does not escape parameter names and parameter descriptions. This results in a stored cross-site scripting XSS vulnerability exploitable by...

5.4CVSS5AI score0.00735EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/18 12:0 a.m.34 views

GHSA-5PMP-7WC9-V7VW Cross-site Scripting in Jenkins JDK Parameter Plugin

Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters. This results in stored cross-site scripting XSS vulnerabilities exploitable by attackers with Item/Configure permission. Exploitation of this vulnerability...

8CVSS5.8AI score0.0073EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/05/17 3:15 p.m.4 views

CVE-2022-30961

Jenkins Autocomplete Parameter Plugin 1.1 and earlier does not escape the name of Dropdown Autocomplete and Auto Complete String parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS6AI score0.0073EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/05/17 12:0 a.m.4 views

PT-2022-20421 · Jenkins · Jenkins Promoted Builds (Simple) Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Promoted Builds Simple Plugin versions 1.9 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because the name and description of Promotion Level parameters on views displaying...

5.4CVSS5.3AI score0.0073EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/05/17 12:0 a.m.4 views

PT-2022-20417 · Jenkins · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins Autocomplete Parameter Plugin versions 1.1 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability due to the failure to escape the name of Dropdown Autocomplete and Auto Complete String parameter...

5.4CVSS5.8AI score0.0073EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/05/17 12:0 a.m.7 views

Jenkins Autocomplete Parameter Plugin 跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from the program not properly escaping the names of th...

5.4CVSS5.4AI score0.0073EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/05/17 12:0 a.m.4 views

PT-2022-20419 · Jenkins · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins JDK Parameter Plugin version 1.0 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability, which is exploitable by attackers with Item/Configure permission. This occurs because the plugin does not...

8CVSS5.7AI score0.0073EPSS
Exploits0References7
OSV
OSV
added 2022/05/13 1:2 a.m.10 views

GHSA-R69C-5J7C-VM6Q Cross-site Scripting in Jenkins

Jenkins before versions 2.44 and 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions SECURITY-353. Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions...

5.4CVSS6.8AI score0.02146EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2022/05/13 1:2 a.m.33 views

Cross-site Scripting in Jenkins

Jenkins before versions 2.44 and 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions SECURITY-353. Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions...

6.1CVSS5.5AI score0.02146EPSS
Exploits0References11Affected Software1
RedHat Linux
RedHat Linux
added 2022/05/02 6:23 p.m.4 views

credentials: Stored XSS vulnerabilities in jenkins plugin

A flaw was found in the Jenkins credentials plugin. The Jenkins credentials plugin does not escape the name and description of Credentials parameters on views displaying parameters. This issue results in a stored Cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...

5.4CVSS5.7AI score0.7855EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/04/12 8:15 p.m.3 views

CVE-2022-29042

Jenkins Job Generator Plugin 1.22 and earlier does not escape the name and description of Generator Parameter and Generator Choice parameters on Job Generator jobs' Build With Parameters views, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configu...

5.4CVSS6.1AI score0.00798EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/04/12 8:15 p.m.3 views

CVE-2022-29038

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS6AI score0.00637EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/04/12 8:15 p.m.6 views

CVE-2022-29036

Jenkins Credentials Plugin 1111.v35a307992395 and earlier, except 1087.1089.v2f1b9ab040e4, 1074.1076.v39c30cecb0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability...

5.4CVSS6AI score0.7855EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/04/12 8:15 p.m.3 views

CVE-2022-29045

Jenkins promoted builds Plugin 873.v6149dbd64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS6.1AI score0.00782EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/04/12 12:0 a.m.2 views

PT-2022-19380 · Jenkins · Jenkins Git Parameter Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Git Parameter Plugin versions 0.9.15 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability. This occurs because the name and description of Git parameters on views displaying parameters are not...

5.4CVSS5.1AI score0.00802EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/04/12 12:0 a.m.7 views

PT-2022-19382 · Jenkins · Jenkins Job Generator Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Job Generator Plugin versions 1.22 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because the Jenkins Job Generator Plugin does not escape the name and description of...

5.4CVSS5.5AI score0.00798EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2022/03/22 5:31 p.m.4 views

credentials: Stored XSS vulnerabilities in jenkins plugin

A flaw was found in the Jenkins credentials plugin. The Jenkins credentials plugin does not escape the name and description of Credentials parameters on views displaying parameters. This issue results in a stored Cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...

5.4CVSS5.7AI score0.7855EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/03/15 12:0 a.m.4 views

Jenkins List Git Branches Parameter 插件跨站脚本漏洞

Jenkins and Jenkins Plugin are both products of Jenkins, which is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building and deploying projects, and the Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier is vulnerable to a cross-site...

5.4CVSS5.3AI score0.00792EPSS
Exploits0References6
Rows per page
Query Builder