
8 matches found

Snyk
added 2026/04/30 6:17 a.m. | 6 views

Cross-site Scripting (XSS)

Overview: org.jenkins-ci.plugins:htmlpublisher is a plugin for Jenkins that publishes HTML reports. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the wrapper generation logic in HtmlPublisher. An attacker can inject arbitrary HTML attributes or markup by supplyin...

8.7 CVSS | 5.8 AI score | 0.00051 EPSS
Exploits: 0 | References: 3

vulnersOsv
added 2026/04/29 3:30 p.m. | 5 views

com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), io.jenkins.blueocean:blueocean (>=1.27.17 <=1.27.25) +8 more potentially affected by CVE-2026-42524 via org.jenkins-ci.plugins:htmlpublisher (>=1.0 <=1.6)

org.jenkins-ci.plugins:htmlpublisher MAVEN version =1.0, =1.9.2-beta, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.0.0, =1.0.18 Source cves: CVE-2026-42524 Source advisory: OSV:GHSA-F8H4-46XV-H7JJ...

8 CVSS | 6 AI score | 0.00051 EPSS
Exploits: 0

vulnersOsv
added 2025/07/09 6:30 p.m. | 2 views

com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), io.jenkins.blueocean:blueocean (>=1.27.17 <=1.27.25) +8 more potentially affected by CVE-2025-53651 via org.jenkins-ci.plugins:htmlpublisher (>=1.0 <=1.6)

org.jenkins-ci.plugins:htmlpublisher MAVEN version =1.0, =1.9.2-beta, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.0.0, =1.0.18 Source cves: CVE-2025-53651 Source advisory: OSV:GHSA-367V-5PPJ-2HRX...

6.3 CVSS | 5.8 AI score | 0.01314 EPSS
Exploits: 0

Snyk
added 2025/07/09 6:30 p.m. | 2 views

Logging of Excessive Data

Overview: org.jenkins-ci.plugins:htmlpublisher is a plugin for Jenkins that publishes HTML reports. Affected versions of this package are vulnerable to Logging of Excessive Data in the publishReports functionality. An attacker can obtain sensitive information about the file system structure by...

6.3 CVSS | 6.5 AI score | 0.01314 EPSS
Exploits: 0 | References: 2

Veracode
added 2024/03/11 5:22 a.m. | 16 views

Cross-site Scripting (XSS)

org.jenkins-ci.plugins:htmlpublisher is vulnerable to Cross-Site Scripting. The vulnerability is due to the publishReports function within HtmlPublisher.java not having proper input sanitization. This flaw allows attackers with Item/Configure permission to inject malicious scripts into job names,...

4.7 CVSS | 6.8 AI score | 0.00176 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

vulnersOsv
added 2024/03/06 6:30 p.m. | 0 views

org.jenkins-ci.plugins:php (=1.0), org.jenkins-ci.plugins:qftest (>=1.0.0 <=1.0.18) potentially affected by CVE-2024-28150 via org.jenkins-ci.plugins:htmlpublisher (>=1.0 <=1.3)

org.jenkins-ci.plugins:htmlpublisher MAVEN version =1.0, =1.0.0, =1.0.18 Source cves: CVE-2024-28150 Source advisory: OSV:GHSA-XRRW-9J78-HPF3...

4.7 CVSS | 5.8 AI score | 0.00176 EPSS
Exploits: 0

vulnersOsv
added 2022/05/24 4:57 p.m. | 2 views

org.jenkins-ci.plugins:php (=1.0) potentially affected by CVE-2019-10432 via org.jenkins-ci.plugins:htmlpublisher (=1.0)

org.jenkins-ci.plugins:htmlpublisher MAVEN version =1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:htmlpublisher and may be impacted: - org.jenkins-ci.plugins:php =1.0 Source cves: CVE-2019-10432 Source advisory:...

5.4 CVSS | 6.8 AI score | 0.00162 EPSS
Exploits: 0

Veracode
added 2018/04/17 8:13 a.m. | 14 views

Path Traversal

htmlpublisher is vulnerable to path traversal. User input report names are not further validated and are employed as part of a URL and as a directory name, overriding files outside the build directory...

6.5 CVSS | 6.3 AI score | 0.00342 EPSS
Exploits: 0 | References: 4 | Affected Software: 1