9 matches found
EUVD-2022-7488
Malicious code in bioql PyPI...
CVE-2022-46687
Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to change build display names...
CVE-2023-32977
Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to set build display names immediately...
CVE-2022-46687
Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to change build display names...
CVE-2022-46687
Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to change build display names...
PT-2022-27951 · Jenkins · Jenkins Spring Config Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Spring Config Plugin versions 2.0.0 and earlier Description: The issue is a stored cross-site scripting XSS vulnerability. It occurs because build display names shown on the Spring Config view are not escaped, allowing attackers who c...
CVE-2022-46686
Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and earlier does not escape property values and build display names on the Custom Build Properties and Build Summary pages, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to set or change these...
GHSA-H8HF-HXX6-5G6V Cross-site Scripting in Jenkins Naginator Plugin
Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to edit build display names. Naginator Plugin 1.18.2 escapes display nam...
Cross-site Scripting in Jenkins Naginator Plugin
Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to edit build display names. Naginator Plugin 1.18.2 escapes display nam...