8 matches found
Stored Cross-Site Scripting (XSS)
Jenkins AnchorChain Plugin is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper validation of URL schemes when generating links from workspace content, allowing attackers to inject javascript: URLs that execute malicious scripts in the Jenkins user interface...
CVE-2025-30196
Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the javascript: scheme, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control the input file for the Anchor Chain post-build step...
Jenkins AnchorChain Plugin Has a Cross-Site Scripting (XSS) Vulnerability
Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the javascript: scheme. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control the input file for the Anchor Chain post-build step...
CVE-2025-30196
Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the javascript: scheme, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control the input file for the Anchor Chain post-build step...
CVE-2025-30196
Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the javascript: scheme, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control the input file for the Anchor Chain post-build step...
CVE-2025-30196
Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the javascript: scheme, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control the input file for the Anchor Chain post-build step...
CVE-2025-30196
Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the javascript: scheme, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control the input file for the Anchor Chain post-build step...
Jenkins AnchorChain Plugin 安全漏洞
Jenkins AnchorChain Plugin is an open source Jenkins plugin for Jenkins. A security vulnerability exists in version 1.0 of the Jenkins AnchorChain Plugin, which stems from an unrestricted URL scheme and could lead to a stored cross-site scripting attack...