3 matches found
org.jenkins-ci.plugins:php (=1.0), org.jenkins-ci.plugins:qftest (>=1.0.0 <=1.0.18) potentially affected by CVE-2024-28150 via org.jenkins-ci.plugins:htmlpublisher (>=1.0 <=1.3)
org.jenkins-ci.plugins:htmlpublisher MAVEN version =1.0, =1.0.0, =1.0.18 Source cves: CVE-2024-28150 Source advisory: OSV:GHSA-XRRW-9J78-HPF3...
CVE-2024-28150
Jenkins HTML Publisher Plugin 1.32 and earlier does not escape job names, report names, and index page titles shown as part of the report frame, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2024-28150
CVE-2024-28150 affects Jenkins HTML Publisher Plugin, version 1.32 and earlier. The issue is a stored XSS vulnerability caused by the plugin failing to escape job names, report names, and index page titles shown within the report frame. Exploitation requires attackers to have Item/Configure permi...