93 matches found
CVE-2020-2193
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability...
CVE-2020-2194
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability...
CVE-2020-2193
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability...
Cross site scripting
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability...
Cross site scripting
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability...
CVE-2020-2194
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability...
CVE-2020-2193
CVE-2020-2193 affects the Jenkins ECharts API Plugin, version 4.7.0-3 and earlier, where the parser identifier is not escaped when rendering charts, causing a stored cross-site scripting (XSS) vulnerability. The issue is documented across multiple feeds (NVD, Red Hat, OSV, GHSA) and is mitigated ...
CVE-2020-2194
CVE-2020-2194 affects the Jenkins ECharts API Plugin, where versions 4.7.0-3 and earlier fail to escape the display name in the trend chart. This causes a stored cross-site scripting (XSS) vulnerability. The issue arises from missing input validation/escaping in the chart display name, enabling i...
CVE-2020-2193
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability...
CVE-2020-2194
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability...
CVE-2020-2193
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability...
PT-2020-15408 · Jenkins · Jenkins Echarts Api Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins ECharts API Plugin versions 4.7.0-3 and earlier Description: The issue results in a stored cross-site scripting vulnerability due to the failure to escape the display name of the builds in the trend chart. This can be exploited by use...
Cross-Site Scripting (XSS)
echarts is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary javascript because the format utility tooltip doesn't sanitize the user input...