Jenkins Coverage Plugin has a stored cross-site scripting (XSS) vulnerability

Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...

PT-2025-50359

Name of the Vulnerable Software and Affected Versions Jenkins Coverage Plugin versions 2.3054.ve1ff7b a a 123b and earlier Description The Jenkins Coverage Plugin does not properly validate the configured coverage results ID when creating coverage results. Specifically, the validation occurs only...