2 matches found
GHSA-V46Q-XJP5-7P6R Stored XSS vulnerability in Jenkins Cadence vManager Plugin
Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Run/Update permission. Cadence vManager Plugin 3.0.5 removes affected tooltips...
GHSA-Q397-W28F-JX97 Stored XSS vulnerability in Jenkins ECharts API Plugin
ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart. This results in a stored cross-site scripting XSS vulnerability that can be exploited by users with Run/Update permission. ECharts API Plugin 4.7.0-4 escapes the display name...