Количество 2
Количество 2
CVE-2018-1000177
A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in another user's browser when that user performs some UI actions.
GHSA-3892-qqv6-h2qm
Stored XSS vulnerability in Jenkins S3 Publisher Plugin
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2018-1000177 A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in another user's browser when that user performs some UI actions. | CVSS3: 5.4 | 0% Низкий | почти 8 лет назад |
| GHSA-3892-qqv6-h2qm Stored XSS vulnerability in Jenkins S3 Publisher Plugin | CVSS3: 5.4 | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу