Lucene search
+L

5 matches found

OSV
OSV
added 2022/06/24 12:0 a.m.1 views

GHSA-MHP7-3393-PFQR Cross-site Scripting vulnerability in Jenkins

Since Jenkins 2.340, symbol-based icons unescape previously escaped values of tooltip parameters. This vulnerability is known to be exploitable by attackers with Job/Configure permission. Jenkins 2.356, LTS 2.332.4 and LTS 2.346.1 addresses this vulnerability. Symbol-based icons no longer unescap...

8CVSS6.3AI score0.01361EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/06/23 5:15 p.m.1 views

CVE-2022-34172

In Jenkins 2.340 through 2.355 both inclusive symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting XSS vulnerability...

5.4CVSS6.2AI score0.01361EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2020/10/22 10:49 a.m.6 views

jenkins: user-specified tooltip values leads to stored cross-site scripting

A flaw was found in Jenkins in versions prior to 2.251 and LTS 2.235.3. Tooltip values, which are not properly escaped, can be contributed by plugins and use user-specified values. This results in a potential stored cross-site scripting XSS vulnerability. This highest threat from this vulnerabili...

5.4CVSS5.5AI score0.06765EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2020/09/30 6:56 p.m.6 views

jenkins: user-specified tooltip values leads to stored cross-site scripting

A flaw was found in Jenkins in versions prior to 2.251 and LTS 2.235.3. Tooltip values, which are not properly escaped, can be contributed by plugins and use user-specified values. This results in a potential stored cross-site scripting XSS vulnerability. This highest threat from this vulnerabili...

5.4CVSS5.5AI score0.06765EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2020/09/23 12:46 p.m.8 views

jenkins: user-specified tooltip values leads to stored cross-site scripting

A flaw was found in Jenkins in versions prior to 2.251 and LTS 2.235.3. Tooltip values, which are not properly escaped, can be contributed by plugins and use user-specified values. This results in a potential stored cross-site scripting XSS vulnerability. This highest threat from this vulnerabili...

5.4CVSS5.5AI score0.06765EPSS
Exploits3References5
Rows per page
Query Builder