Lucene search
+L

4 matches found

nvd
nvd
added 2026/02/06 4:16 p.m.8 views

CVE-2025-13523

Mattermost Confluence plugin version 1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connectio...

7.7CVSS0.00189EPSS
Exploits0References1
cvelist
cvelist
added 2026/02/06 3:52 p.m.31 views

CVE-2025-13523 Cross-Site Scripting (XSS) via Unescaped Display Names in Mattermost Confluence Plugin OAuth2 Flow

Mattermost Confluence plugin version 1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connectio...

7.7CVSS0.00189EPSS
Exploits0References1
euvd
euvd
added 2026/02/06 3:52 p.m.9 views

EUVD-2025-206888

Mattermost Confluence plugin version 1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connectio...

7.7CVSS5.7AI score0.00189EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2023/05/16 12:0 a.m.3 views

PT-2023-24110 · Jenkins · Jenkins Pipeline: Job Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Job Plugin versions 1292.v27d8cc3e2602 and earlier Description: The Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site...

7.5CVSS5.4AI score0.00586EPSS
Exploits0References7
Rows per page
Query Builder