9 matches found
CVE-2026-42524
Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2026-44002
A flaw was found in vm2 before 3.11.0. The CallSite wrapper blocks getThis and getFunction but returns unsanitized host absolute paths from getFileName, allowing sandboxed code to learn host directory layout, library paths, and framework versions. Fixed in 3.11.0...
GHSA-F8H4-46XV-H7JJ Jenkins HTML Publisher Plugin has a XSS vulnerability in the legacy wrapper file
Jenkins HTML Publisher Plugin versoins 427 and earlier do not escape the job name and URL in the legacy wrapper file. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. HTML Publisher Plugin 427.1 escapes job name and URL when...
Jenkins HTML Publisher Plugin has a XSS vulnerability in the legacy wrapper file
Jenkins HTML Publisher Plugin versoins 427 and earlier do not escape the job name and URL in the legacy wrapper file. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. HTML Publisher Plugin 427.1 escapes job name and URL when...
CVE-2026-42524
Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2026-42524
Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
EUVD-2026-26226
Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2026-42524
Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
PT-2026-35918
Name of the Vulnerable Software and Affected Versions Jenkins HTML Publisher Plugin versions prior to 428 Description Stored cross-site scripting XSS occurs because the legacy wrapper file fails to escape the job name and URL. This allows attackers with Item/Configure permissions to execute...