3 matches found
CVE-2020-2264
Jenkins Custom Job Icon Plugin 0.2 and earlier does not escape the job descriptions in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
CVE-2020-2264
Jenkins Custom Job Icon Plugin 0.2 and earlier does not escape the job descriptions in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
CVE-2020-2264
Summary: CVE-2020-2264 affects Jenkins Custom Job Icon Plugin (versions 0.2 and earlier). The vulnerability is a stored XSS caused by failing to escape job descriptions in tooltips. Exploitation requires attacker to have Job/Configure permission. Impact: stored XSS that can execute client-side co...