12 matches found
EUVD-2023-1427
Malicious code in bioql PyPI...
CVE-2023-28669
Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action...
GHSA-XJ29-GFWW-J67G Jenkins JaCoCo Plugin vulnerable to Stored Cross-site Scripting
Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action. Version 3.3.2.1 escapes clas...
CVE-2023-28669
Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action...
CVE-2023-28669
Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action...
Cross site scripting
Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action...
CVE-2023-28669
Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action...
CVE-2023-28669
Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action...
CVE-2023-28669
Summary: Jenkins JaCoCo Plugin versions 3.3.2 and earlier are vulnerable to stored XSS due to failure to escape class and method names in the UI. The vulnerability is exploitable by attackers who can control input files used by the ‘Record JaCoCo coverage report’ post-build action. A fix exists i...
CVE-2023-28669
Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action...
PT-2023-21890 · Jenkins · Jenkins Jacoco Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins JaCoCo Plugin versions 3.3.2 and earlier Description: The issue is a stored cross-site scripting XSS vulnerability. It occurs because class and method names shown on the UI are not escaped, allowing attackers who can control input fil...
Jenkins Plugins JaCoCo 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...