Lucene search
Veracode Vulnerability DatabaseVERACODE:43362HistorySep 25, 2023 - 7:18 a.m.
Cross-site Scripting
2023-09-2507:18:08
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
cross-site scripting
jenkins
vulnerability
improper sanitization
client-side
javascript
0.001 Low
EPSS
Percentile
38.4%
Jenkins is vulnerable to Cross Site Scripting. The vulnerability occurs due to improper sanitization of the caption constructor parameter in the ExpandableDetailsNote. The attacker can exploit this vulnerability by injecting malicious payload in the caption parameter resulting in the execution of JavaScript at client side.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jenkins core | le | 2.423 | |
| jenkins core | le | 2.414.1 | |
| org.jenkins-ci.main:jenkins-core | le | 2.423 | |
| org.jenkins-ci.main:jenkins-core | le | 2.414.1 |
References
Related
cve
cve
CVE-2023-43495
2023-09-20 17:15:11
osv
osv
CVE-2023-43495
2023-09-20 17:15:11
Jenkins Cross-site Scripting vulnerability
2023-09-20 18:30:21
BIT-jenkins-2023-43495
2024-03-06 10:54:50
alpinelinux
alpinelinux
CVE-2023-43495
2023-09-20 17:15:11
cvelist
cvelist
CVE-2023-43495
2023-09-20 16:06:09
prion
prion
Cross site scripting
2023-09-20 17:15:00
redhatcve
redhatcve
CVE-2023-43495
2023-09-22 11:54:51
github
github
Jenkins Cross-site Scripting vulnerability
2023-09-20 18:30:21
nessus
nessus
freebsd
freebsd
jenkins -- multiple vulnerabilities
2023-09-20 00:00:00
redos
redos
ROS-20240411-08
2024-04-11 00:00:00
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00