5 matches found
EUVD-2018-13015
Malware in sbrugna...
CVE-2023-28669
Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action...
Jenkins AnchorChain Plugin Has a Cross-Site Scripting (XSS) Vulnerability
Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the javascript: scheme. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control the input file for the Anchor Chain post-build step...
CVE-2025-30196
CVE-2025-30196 concerns Jenkins AnchorChain Plugin 1.0. The vulnerability arises because the plugin does not restrict URL schemes in links created from workspace content, allowing the javascript: scheme and enabling stored XSS when an attacker can control the input file for the Anchor Chain post-...
CVE-2023-28669
Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action...