Lucene search
K

9 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-7488

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00456EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 12:23 a.m.6 views

CVE-2022-46687

Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to change build display names...

5.4CVSS5.4AI score0.00456EPSS
Exploits0References1
NVD
NVD
added 2023/05/16 4:15 p.m.23 views

CVE-2023-32977

Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to set build display names immediately...

5.4CVSS6.3AI score0.00586EPSS
Exploits0References1
OSV
OSV
added 2022/12/12 9:15 a.m.4 views

CVE-2022-46687

Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to change build display names...

5.4CVSS5.7AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/12/07 12:0 a.m.16 views

CVE-2022-46686

Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and earlier does not escape property values and build display names on the Custom Build Properties and Build Summary pages, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to set or change these...

5.4AI score0.00456EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/12/07 12:0 a.m.28 views

CVE-2022-46687

Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to change build display names...

5.6AI score0.00456EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/12/07 12:0 a.m.4 views

PT-2022-27951 · Jenkins · Jenkins Spring Config Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Spring Config Plugin versions 2.0.0 and earlier Description: The issue is a stored cross-site scripting XSS vulnerability. It occurs because build display names shown on the Spring Config view are not escaped, allowing attackers who c...

8CVSS5.1AI score0.00456EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/11/16 12:0 p.m.33 views

Cross-site Scripting in Jenkins Naginator Plugin

Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to edit build display names. Naginator Plugin 1.18.2 escapes display nam...

5.4CVSS5.4AI score0.00589EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/11/16 12:0 p.m.18 views

GHSA-H8HF-HXX6-5G6V Cross-site Scripting in Jenkins Naginator Plugin

Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to edit build display names. Naginator Plugin 1.18.2 escapes display nam...

5.4CVSS5.4AI score0.00589EPSS
Exploits0References5
Rows per page
Query Builder