Description
Jenkins Cppcheck Plugin vulnerable to stored cross-site scripting (XSS)
Jenkins Cppcheck Plugin 1.26 and earlier does not escape file names from Cppcheck report files before showing them on the Jenkins UI.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control report file contents.
Packages
Name: org.jenkins-ci.plugins:cppcheck (maven)
Affected versions: <= 1.26
Fixed version: None
Related vulnerabilities
CVSS3: 5.4
nvd
almost 3 years ago
Jenkins Cppcheck Plugin 1.26 and earlier does not escape file names from Cppcheck report files before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control report file contents.