Количество 3
Количество 3
CVE-2023-35145
Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission.
CVE-2023-35145
Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission.
GHSA-wmxx-2pvr-x7j6
Jenkins Sonargraph Integration Plugin vulnerable to Stored Cross-site Scripting
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-35145 Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission. | CVSS3: 8 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-35145 Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission. | CVSS3: 5.4 | 0% Низкий | больше 2 лет назад |
| GHSA-wmxx-2pvr-x7j6 Jenkins Sonargraph Integration Plugin vulnerable to Stored Cross-site Scripting | CVSS3: 8 | 0% Низкий | больше 2 лет назад |
Уязвимостей на страницу