3 matches found
CVE-2023-28669
Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action...
CVE-2023-28669
Summary: Jenkins JaCoCo Plugin versions 3.3.2 and earlier are vulnerable to stored XSS due to failure to escape class and method names in the UI. The vulnerability is exploitable by attackers who can control input files used by the ‘Record JaCoCo coverage report’ post-build action. A fix exists i...
CVE-2023-28669
Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action...