Lucene search
Veracode Vulnerability DatabaseVERACODE:45840HistoryMar 12, 2024 - 7:03 a.m.
Cross Site Scripting(XSS)
2024-03-1207:03:19
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
jenkins
html publisher plugin
cross site scripting
input sanitization
attackers
permission
file system
5.6 Medium
AI Score
Confidence
High
Jenkins HTML Publisher Plugin is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper input sanitization, allowing attackers with Item/Configure permission to execute XSS attacks and determine the existence of paths on the Jenkins controller file system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| html publisher plugin | le | 1.32 | |
| html publisher plugin | le | 1.32 |
Related
github
github
Jenkins HTML Publisher Plugin does not properly sanitize input
2024-03-06 18:30:38
prion
prion
Cross site scripting
2024-03-06 17:15:00
osv
osv
Jenkins HTML Publisher Plugin does not properly sanitize input
2024-03-06 18:30:38
cve
cve
CVE-2024-28149
2024-03-06 17:15:10
cvelist
cvelist
CVE-2024-28149
2024-03-06 17:01:53
nvd
nvd
CVE-2024-28149
2024-03-06 17:15:10
redhatcve
redhatcve
CVE-2024-28149
2024-03-06 18:46:40
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2024-03-06)
2024-03-07 00:00:00