CVE-2022-34790
Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escape the job names used in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
PT-2022-22342 · Jenkins · Jenkins Extreme Feedback Panel Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins eXtreme Feedback Panel Plugin versions 2.0.1 and earlier
Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the job names used in tooltips are not properly escaped, allowing attacke...
PT-2022-22338 · Jenkins · Jenkins Project Inheritance Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Project Inheritance Plugin versions 21.04.03 and earlier
Description: The issue is related to a cross-site scripting (XSS) vulnerability. It occurs because the reason a build is blocked in tooltips is not properly escaped, allowing...
PT-2020-15550 · Jenkins · Jenkins Static Analysis Utilities Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Static Analysis Utilities Plugin versions 1.96 and earlier
Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. This occurs because the annotation message in tooltips is not properly escaped, allowing...
jenkins-2-plugins/matrix-project: Stored XSS vulnerability in single axis builds tooltips
A flaw was found in the Matrix Project Plugin version 1.16 and prior. Node names shown in tooltips are not escaped on the overview page of builds with a single axis, which could lead to a stored cross-site scripting (XSS) vulnerability. The user must have the Agent/Configure permission for this...