The htmlpublisher plugin (org.jenkins-ci.plugins) is vulnerable to Cross-Site Scripting. The vulnerability is due to the publishReports function within HtmlPublisher.java not properly sanitizing input. This flaw allows attackers with Item/Configure permission to inject malicious scripts into job names, report names, and index page titles displayed as part of the report frame.
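
The unescaped-output pattern described above, next to an escaped version, as an added Java example. It is not the plugin's code: the class, the method names and the sample values are constructed for illustration.

```java
import java.util.List;

public class ReportFrameEscaping {
    // Escape the characters that are significant in HTML text and quoted attributes.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Vulnerable shape: configured strings are concatenated into the frame as-is.
    static String frameUnsafe(String job, String report, List<String> titles) {
        StringBuilder html = new StringBuilder("<title>" + job + " - " + report + "</title><ul>");
        for (String t : titles) {
            html.append("<li title=\"").append(t).append("\">").append(t).append("</li>");
        }
        return html.append("</ul>").toString();
    }

    // Hardened shape: every configured string is escaped at the point of output.
    static String frameSafe(String job, String report, List<String> titles) {
        StringBuilder html = new StringBuilder("<title>" + escapeHtml(job) + " - " + escapeHtml(report) + "</title><ul>");
        for (String t : titles) {
            String e = escapeHtml(t);
            html.append("<li title=\"").append(e).append("\">").append(e).append("</li>");
        }
        return html.append("</ul>").toString();
    }

    public static void main(String[] args) {
        // Constructed sample values standing in for names set by a user with Item/Configure.
        String job = "nightly<script>alert(1)</script>";
        String report = "Coverage & Tests";
        List<String> titles = List.of("index\" onmouseover=\"alert(1)");
        String unsafe = frameUnsafe(job, report, titles);
        String safe = frameSafe(job, report, titles);
        System.out.println("unsafe contains live <script>: " + unsafe.contains("<script>"));
        System.out.println("safe contains live <script>:   " + safe.contains("<script>"));
        System.out.println("safe attribute stays quoted:   " + !safe.contains("\" onmouseover"));
    }
}
```

Escaping is applied where the value is written into markup, so the stored job name, report name and title stay unchanged and every output path has to escape them itself.
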

CPE

Name | Operator | Version
---|---|---
html publisher plugin | le | 1.32