Описание
Jenkins HTML Publisher Plugin 1.20 and earlier did not escape the project and build display names in the HTML report frame, resulting in a cross-site scripting vulnerability exploitable by users able to change those.
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1764387jenkins-2-plugins: Stored XSS vulnerability in HTML Publisher Plugin
EPSS
Процентиль: 41%
0.00193
Низкий
5.4 Medium
CVSS3
Связанные уязвимости
CVSS3: 5.4
nvd
больше 6 лет назад
Jenkins HTML Publisher Plugin 1.20 and earlier did not escape the project and build display names in the HTML report frame, resulting in a cross-site scripting vulnerability exploitable by users able to change those.
CVSS3: 5.4
github
больше 3 лет назад
Jenkins HTML Publisher Plugin vulnerable to Cross-site Scripting
EPSS
Процентиль: 41%
0.00193
Низкий
5.4 Medium
CVSS3