5 matches found
CVE-2023-35145
A flaw was found in the Jenkins Sonargraph Integration Plugin, where it is vulnerable to cross-site scripting caused by the improper validation of user-supplied input. This flaw allows a remote, authenticated attacker to inject malicious script into a Web page, which would be executed in a victim...
CVE-2023-35145
Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission...
GHSA-F799-HFG3-48JP Stored XSS vulnerability in Jenkins Sonargraph Integration Plugin
Sonargraph Integration Plugin 3.0.0 and earlier does not escape the file path for the Log file field form validation. This results in a stored cross-site scripting (XSS) vulnerability that can be exploited by users with Job/Configure permission. Sonargraph Integration Plugin 3.0.1 escapes the...
CloudBees Jenkins Sonargraph Integration Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. Sonargraph Integration Plugin is used in one ...
CVE-2020-2201
The CVE-2020-2201 entry concerns Jenkins Sonargraph Integration Plugin versions 3.0.0 and earlier, where the Log file field form validation does not escape the file path, causing a stored cross-site scripting (XSS) vulnerability. Affected component: Sonargraph Integration Plugin; root cause: lack...