20 matches found

RedhatCVE
added 2025/05/22 10:42 p.m. · 4 views

CVE-2022-29042

Jenkins Job Generator Plugin 1.22 and earlier does not escape the name and description of Generator Parameter and Generator Choice parameters on Job Generator jobs' Build With Parameters views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configu...

CVSS 5.4 · AI score 5.4 · EPSS 0.00217
Exploits 0 · References 1

Github Security Blog
added 2022/06/24 12:0 a.m. · 41 views

Cross-site Scripting in Jenkins Maven Metadata Plugin

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure...

CVSS 5.4 · AI score 5.7 · EPSS 0.17548
Exploits 0 · References 3 · Affected Software 1

OSV
added 2022/06/23 5:15 p.m. · 2 views

CVE-2022-34188

Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 5.4 · AI score 5.7 · EPSS 0.07543
Exploits 0 · References 1

ATTACKERKB
added 2022/06/23 5:15 p.m. · 2 views

CVE-2022-34196

Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 5.4 · AI score 6.2 · EPSS 0.16751
Exploits 0 · References 2

OSV
added 2022/06/23 5:15 p.m. · 0 views

CVE-2022-34190

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure...

CVSS 5.4 · AI score 5.7
Exploits 0 · References 1

OSV
added 2022/06/23 5:15 p.m. · 0 views

CVE-2022-34189

Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape the name and description of Image Tag parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 5.4 · AI score 6.2
Exploits 0 · References 1

ATTACKERKB
added 2022/06/23 5:15 p.m. · 2 views

CVE-2022-34197

Jenkins Sauce OnDemand Plugin 1.204 and earlier does not escape the name and description of Sauce Labs Browsers parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 5.4 · AI score 6.2 · EPSS 0.09474
Exploits 0 · References 2

ATTACKERKB
added 2022/06/23 5:15 p.m. · 2 views

CVE-2022-34185

Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the name and description of Date parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 5.4 · AI score 6.2 · EPSS 0.16751
Exploits 0 · References 2

RedHat Linux
added 2022/06/17 5:40 a.m. · 2 views

credentials: Stored XSS vulnerabilities in jenkins plugin

A flaw was found in the Jenkins credentials plugin. The Jenkins credentials plugin does not escape the name and description of Credentials parameters on views displaying parameters. This issue results in a stored Cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure...

CVSS 5.4 · AI score 5.7 · EPSS 0.00355
Exploits 0 · References 5

RedHat Linux
added 2022/06/17 5:40 a.m. · 3 views

subversion: Stored XSS vulnerabilities in Jenkins subversion plugin

A flaw was found in the Jenkins Subversion plugin. The Jenkins subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored Cross-site scripting (XSS) vulnerability, exploitable by attackers with...

CVSS 5.4 · AI score 5.7 · EPSS 0.00096
Exploits 0 · References 5

Github Security Blog
added 2022/05/24 5:28 p.m. · 22 views

Stored XSS vulnerability in Validating String Parameter Plugin

Validating String Parameter Plugin 2.4 and earlier does not escape regular expressions in tooltips. Additionally, Validating String Parameter Plugin 2.4 does not escape parameter names and parameter descriptions. This results in a stored cross-site scripting (XSS) vulnerability exploitable by...

CVSS 5.4 · AI score 5 · EPSS 0.00233
Exploits 0 · References 5 · Affected Software 1

OSV
added 2022/05/18 12:0 a.m. · 32 views

GHSA-5PMP-7WC9-V7VW Cross-site Scripting in Jenkins JDK Parameter Plugin

Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters. This results in stored cross-site scripting (XSS) vulnerabilities exploitable by attackers with Item/Configure permission. Exploitation of this vulnerability...

CVSS 8 · AI score 5.8 · EPSS 0.00217
Exploits 0 · References 3

Positive Technologies
added 2022/05/17 12:0 a.m. · 1 views

PT-2022-20419 · Jenkins · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins JDK Parameter Plugin version 1.0 and earlier
Description: The issue results in a stored cross-site scripting (XSS) vulnerability, which is exploitable by attackers with Item/Configure permission. This occurs because the plugin does not...

CVSS 8 · AI score 5.7 · EPSS 0.00217
Exploits 0 · References 7

OSV
added 2022/05/13 1:2 a.m. · 0 views

GHSA-R69C-5J7C-VM6Q Cross-site Scripting in Jenkins

Jenkins before versions 2.44 and 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions...

CVSS 5.4 · AI score 6.8 · EPSS 0.00328
Exploits 0 · References 11

RedHat Linux
added 2022/05/02 6:23 p.m. · 2 views

credentials: Stored XSS vulnerabilities in jenkins plugin

A flaw was found in the Jenkins credentials plugin. The Jenkins credentials plugin does not escape the name and description of Credentials parameters on views displaying parameters. This issue results in a stored Cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure...

CVSS 5.4 · AI score 5.7 · EPSS 0.00355
Exploits 0 · References 5

ATTACKERKB
added 2022/04/12 8:15 p.m. · 2 views

CVE-2022-29036

Jenkins Credentials Plugin 1111.v35a307992395 and earlier, except 1087.1089.v2f1b9ab040e4, 1074.1076.v39c30cecb0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability...

CVSS 5.4 · AI score 6 · EPSS 0.00355
Exploits 0 · References 2

ATTACKERKB
added 2022/04/12 8:15 p.m. · 2 views

CVE-2022-29038

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 5.4 · AI score 6 · EPSS 0.00389
Exploits 0 · References 2

RedHat Linux
added 2022/03/22 5:31 p.m. · 2 views

credentials: Stored XSS vulnerabilities in jenkins plugin

A flaw was found in the Jenkins credentials plugin. The Jenkins credentials plugin does not escape the name and description of Credentials parameters on views displaying parameters. This issue results in a stored Cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure...

CVSS 5.4 · AI score 5.7 · EPSS 0.00355
Exploits 0 · References 5

Positive Technologies
added 2020/10/08 12:0 a.m. · 3 views

PT-2020-15519 · Jenkins · Jenkins Active Choices Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Active Choices Plugin versions 2.4 and earlier
Description: The issue results in a stored cross-site scripting (XSS) vulnerability because the name and description of build parameters are not properly escaped. This vulnerability can be...

CVSS 5.4 · AI score 5.2 · EPSS 0.00205
Exploits 0 · References 8

Positive Technologies
added 2018/05/10 12:0 a.m. · 1 views

PT-2018-7128 · Cloudbees +1 · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions prior to 2.44; Jenkins versions prior to 2.32.2
Description: The issue concerns a persisted cross-site scripting vulnerability in parameter names and descriptions. Users with the permission to configure jobs were able to injec...

CVSS 6.1 · AI score 5.8 · EPSS 0.00328
Exploits 0 · References 14