3 matches found
CVE-2023-28678
Jenkins Cppcheck Plugin 1.26 and earlier does not escape file names from Cppcheck report files before showing them on the Jenkins UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control report file contents...
CVE-2023-28678
The CVE-2023-28678 entry concerns Jenkins Cppcheck Plugin, versions 1.26 and earlier. The root cause is that the plugin does not escape file names in Cppcheck report files before displaying them in the Jenkins UI, enabling a stored XSS vulnerability when an attacker controls report contents. Repo...
CVE-2023-28678
Jenkins Cppcheck Plugin 1.26 and earlier does not escape file names from Cppcheck report files before showing them on the Jenkins UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control report file contents...