Lucene search

5 matches found

OSV
added 2025/07/09 6:30 p.m., 4 views

GHSA-J4WF-9GX8-63F8 Jenkins Applitools Eyes Plugin vulnerable to XSS through its Build page

Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not escape the Applitools URL on the build page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Applitools Eyes Plugin 1.16.6 rejects Applitools URLs that contain HTML...

CVSS: 8, AI score: 4.9, EPSS: 0.00236
Exploits: 0, References: 4
RedhatCVE
added 2022/01/24 6:5 p.m., 22 views

CVE-2022-20615

A stored cross-site scripting (XSS) vulnerability was found in the Jenkins Matrix Project plugin. HTML metacharacters are not escaped in node names, label names, and label descriptions, which allows an attacker with Agent/Configure permissions to perform an XSS attack...

CVSS: 5.4, AI score: 2.8, EPSS: 0.02892
Exploits: 0, References: 4
Github Security Blog
added 2022/01/13 12:1 a.m., 17 views

Stored XSS vulnerability in Matrix Project Plugin

Jenkins Matrix Project Plugin prior to 1.20 and 1.18.1 does not escape HTML metacharacters in node and label names, and label descriptions. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. Matrix Project Plugin 1.20 and 1.18...

CVSS: 5.4, AI score: 5.2, EPSS: 0.02892
Exploits: 0, References: 7, Affected Software: 1
ATTACKERKB
added 2022/01/12 8:15 p.m., 3 views

CVE-2022-20615

Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission...

CVSS: 5.4, AI score: 6.5, EPSS: 0.02892
Exploits: 0, References: 4
Prion
added 2018/01/26 2:29 a.m., 12 views

Cross site scripting

Jenkins 2.88 and earlier; 2.73.2 and earlier: autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters like less-than and greater-than...

CVSS: 3.5, AI score: 4.8, EPSS: 0.00155
Exploits: 0, References: 3, Affected Software: 1