4 matches found
CVE-2026-42523
Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting (XSS) vulnerability exploitable by non-anonymous attackers with...
PT-2026-35917
Name of the Vulnerable Software and Affected Versions: Jenkins GitHub Plugin versions prior to 1.46.1. Description: Improper processing of the current job URL within the JavaScript used to validate the "GitHub hook trigger for GITScm polling" feature allows non-anonymous attackers with Overall/Read...
Jenkins GitHub Plugin Cross-Site Scripting Vulnerability
The Jenkins GitHub Plugin is an open-source plugin for Jenkins that provides integration with code hosting platforms for continuous integration systems. The Jenkins GitHub Plugin versions 1.46.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from improper...
CVE-2023-32072 Tuleap vulnerable to XSS via the triggered job URL of a Jenkins job
Tuleap is an open source tool for end to end traceability of application and system developments. In Tuleap Community Edition prior to version 14.8.99.60 and Tuleap Enterprise edition prior to 14.8-3 and 14.7-7, the logs of the triggered Jenkins job URLs are not properly escaped. A malicious Git...