CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2022/06/23 5:15 p.m.•2 views

CVE-2022-34185

Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the name and description of Date parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS6.3AI score

ATTACKERKB•added 2022/06/23 5:15 p.m.•2 views

CVE-2022-34187

Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description of File system objects list parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS6.2AI score0.07543EPSS

Cvelist•added 2022/06/22 2:41 p.m.•17 views

CVE-2022-34190

6.9AI score0.17548EPSS

Positive Technologies•added 2022/06/22 12:0 a.m.•4 views

PT-2022-22057 · Jenkins · Jenkins Image Tag Parameter Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Image Tag Parameter Plugin versions 1.10 and earlier Description: The issue is a stored cross-site scripting XSS vulnerability that occurs because the Jenkins Image Tag Parameter Plugin does not escape the name and description of Imag...

8CVSS5.7AI score0.16751EPSS

Exploits0References6

Positive Technologies•added 2022/06/22 12:0 a.m.•2 views

PT-2022-22061 · Jenkins +1 · Jenkins +2

Name of the Vulnerable Software and Affected Versions: Jenkins ontrack Jenkins Plugin versions 4.0.0 and earlier Description: The issue is a stored cross-site scripting XSS vulnerability that occurs because the plugin does not escape the name of certain parameters on views displaying parameters...

8CVSS5.7AI score0.16751EPSS

Exploits0References7

Positive Technologies•added 2022/06/22 12:0 a.m.•3 views

PT-2022-22062 · Jenkins · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins Package Version Plugin versions 1.0.1 and earlier Description: The issue is a stored cross-site scripting XSS vulnerability that occurs because the Jenkins Package Version Plugin does not escape the name of Package version parameters ...

8CVSS5.7AI score0.17548EPSS

RedHat Linux•added 2022/06/10 5:2 a.m.•4 views

credentials: Stored XSS vulnerabilities in jenkins plugin

A flaw was found in the Jenkins credentials plugin. The Jenkins credentials plugin does not escape the name and description of Credentials parameters on views displaying parameters. This issue results in a stored Cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...

5.4CVSS5.7AI score0.00355EPSS

RedHat Linux•added 2022/06/10 5:2 a.m.•4 views

subversion: Stored XSS vulnerabilities in Jenkins subversion plugin

A flaw was found in the Jenkins Subversion plugin. The Jenkins subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored Cross-site scripting XSS vulnerability, exploitable by attackers with...

5.4CVSS5.7AI score0.00096EPSS

Veracode•added 2022/06/03 2:55 p.m.•25 views

Cross-site Scripting (XSS)

jenkins is vulnerable to cross site scripting. The vulnerability exists due to a lack of sanitization of the name and description of List Subversion tags and more parameters on views displaying parameters...

5.4CVSS5.9AI score0.00096EPSS

Exploits0References8Affected Software1

RedHat Linux•added 2022/05/31 5:45 a.m.•3 views

subversion: Stored XSS vulnerabilities in Jenkins subversion plugin

5.4CVSS5.7AI score0.00096EPSS

RedHat Linux•added 2022/05/18 12:3 p.m.•3 views

subversion: Stored XSS vulnerabilities in Jenkins subversion plugin

5.4CVSS5.7AI score0.00096EPSS

ATTACKERKB•added 2022/05/17 3:15 p.m.•1 views

CVE-2022-30962

Jenkins Global Variable String Parameter Plugin 1.2 and earlier does not escape the name and description of Global Variable String parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

ATTACKERKB•added 2022/05/17 3:15 p.m.•2 views

CVE-2022-30965

Jenkins Promoted Builds Simple Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

OSV•added 2022/05/17 3:15 p.m.•2 views

CVE-2022-30966

Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS6AI score0.00166EPSS

ATTACKERKB•added 2022/05/17 3:15 p.m.•3 views

CVE-2022-30964

Jenkins Multiselect parameter Plugin 1.3 and earlier does not escape the name and description of Multiselect parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

RedHat Linux•added 2022/05/02 6:23 p.m.•3 views

Jira: Stored XSS vulnerabilities in Jenkins Jira plugin

A flaw was found in the Jenkins Jira plugin. The Jenkins Jira plugin does not escape the name and description of a Jira Issue and Jira Release Version parameters on views displaying parameters. This issue results in a stored Cross-site scripting XSS vulnerability exploitable by attackers with...

5.4CVSS5.7AI score0.00217EPSS

ATTACKERKB•added 2022/04/12 8:15 p.m.•3 views

CVE-2022-29041

Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

OSV•added 2022/04/12 8:15 p.m.•2 views

CVE-2022-29038

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS6AI score

ATTACKERKB•added 2022/04/12 8:15 p.m.•1 views

CVE-2022-29037

Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS6AI score0.00389EPSS