Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification
8.8CVSS
8.6AI Score
0.001EPSS
Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions.
5.4CVSS
5.3AI Score
0.001EPSS