2 matches found
CVE-2022-29037
Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-29037
CVE-2022-29037 affects Jenkins CVS Plugin, versions 2.19 and earlier. Root cause: the plugin does not escape the name/description of CVS Symbolic Name parameters on parameter-views, causing stored XSS. Exploitation requires Item/Configure permission; no exploitation details or patches are provide...