2 matches found
CVE-2022-25185
Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escape the build cause when using the webhook, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-25185
The CVE-2022-25185 entry relates to the Jenkins Generic Webhook Trigger Plugin (versions ≤ 1.81). Root cause: the plugin does not escape the build cause when using the webhook, enabling a stored XSS vulnerability. Impact: attacker with Item/Configure permission can exploit via the webhook to inje...