Lucene search
K

9 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-7488

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00456EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 12:23 a.m.6 views

CVE-2022-46687

Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to change build display names...

5.4CVSS5.4AI score0.00456EPSS
Exploits0References1
NVD
NVD
added 2023/05/16 4:15 p.m.22 views

CVE-2023-32977

Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to set build display names immediately...

5.4CVSS6.3AI score0.00586EPSS
Exploits0References1
OSV
OSV
added 2022/12/12 9:15 a.m.4 views

CVE-2022-46687

Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to change build display names...

5.4CVSS5.7AI score
Exploits0References1
Cvelist
Cvelist
added 2022/12/07 12:0 a.m.28 views

CVE-2022-46687

Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to change build display names...

5.6AI score0.00456EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/12/07 12:0 a.m.4 views

PT-2022-27951 · Jenkins · Jenkins Spring Config Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Spring Config Plugin versions 2.0.0 and earlier Description: The issue is a stored cross-site scripting XSS vulnerability. It occurs because build display names shown on the Spring Config view are not escaped, allowing attackers who c...

8CVSS5.1AI score0.00456EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2022/12/07 12:0 a.m.16 views

CVE-2022-46686

Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and earlier does not escape property values and build display names on the Custom Build Properties and Build Summary pages, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to set or change these...

5.4AI score0.00456EPSS
Exploits0References1
OSV
OSV
added 2022/11/16 12:0 p.m.18 views

GHSA-H8HF-HXX6-5G6V Cross-site Scripting in Jenkins Naginator Plugin

Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to edit build display names. Naginator Plugin 1.18.2 escapes display nam...

5.4CVSS5.4AI score0.00589EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/11/16 12:0 p.m.33 views

Cross-site Scripting in Jenkins Naginator Plugin

Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to edit build display names. Naginator Plugin 1.18.2 escapes display nam...

5.4CVSS5.4AI score0.00589EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder