Lucene search
K

93 matches found

OSV
OSV
added 2020/06/03 1:15 p.m.19 views

CVE-2020-2193

Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability...

5.4CVSS6.2AI score
Exploits0References2
NVD
NVD
added 2020/06/03 1:15 p.m.28 views

CVE-2020-2194

Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability...

5.4CVSS5.2AI score0.00735EPSS
Exploits0References2
NVD
NVD
added 2020/06/03 1:15 p.m.25 views

CVE-2020-2193

Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability...

5.4CVSS5.3AI score0.00735EPSS
Exploits0References2
Prion
Prion
added 2020/06/03 1:15 p.m.18 views

Cross site scripting

Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability...

3.5CVSS5.3AI score0.00735EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2020/06/03 1:15 p.m.18 views

Cross site scripting

Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability...

3.5CVSS5.2AI score0.00735EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/06/03 12:40 p.m.26 views

CVE-2020-2194

Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability...

5.2AI score0.00735EPSS
Exploits0References2
CVE
CVE
added 2020/06/03 12:40 p.m.68 views

CVE-2020-2193

CVE-2020-2193 affects the Jenkins ECharts API Plugin, version 4.7.0-3 and earlier, where the parser identifier is not escaped when rendering charts, causing a stored cross-site scripting (XSS) vulnerability. The issue is documented across multiple feeds (NVD, Red Hat, OSV, GHSA) and is mitigated ...

5.4CVSS5.2AI score0.00735EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/06/03 12:40 p.m.67 views

CVE-2020-2194

CVE-2020-2194 affects the Jenkins ECharts API Plugin, where versions 4.7.0-3 and earlier fail to escape the display name in the trend chart. This causes a stored cross-site scripting (XSS) vulnerability. The issue arises from missing input validation/escaping in the chart display name, enabling i...

5.4CVSS5.2AI score0.00735EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/06/03 12:40 p.m.34 views

CVE-2020-2193

Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability...

5.3AI score0.00735EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2020/06/03 12:40 p.m.29 views

CVE-2020-2194

Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability...

5.4CVSS0.9AI score0.00735EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2020/06/03 12:40 p.m.29 views

CVE-2020-2193

Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability...

5.4CVSS2AI score0.00735EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2020/06/03 12:0 a.m.10 views

PT-2020-15408 · Jenkins · Jenkins Echarts Api Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins ECharts API Plugin versions 4.7.0-3 and earlier Description: The issue results in a stored cross-site scripting vulnerability due to the failure to escape the display name of the builds in the trend chart. This can be exploited by use...

5.4CVSS5.1AI score0.00735EPSS
Exploits0References6
Veracode
Veracode
added 2017/01/03 1:1 a.m.17 views

Cross-Site Scripting (XSS)

echarts is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary javascript because the format utility tooltip doesn't sanitize the user input...

6.1AI score
Exploits0
Rows per page
Query Builder