Логотип exploitDog
bind:CVE-2025-30196
Консоль
Логотип exploitDog

exploitDog

bind:CVE-2025-30196

Количество 2

Количество 2

nvd логотип

CVE-2025-30196

5 месяцев назад

Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the `javascript:` scheme, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control the input file for the Anchor Chain post-build step.

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-xxrg-mg63-qfpj

5 месяцев назад

Jenkins AnchorChain Plugin Has a Cross-Site Scripting (XSS) Vulnerability

CVSS3: 8
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2025-30196

Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the `javascript:` scheme, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control the input file for the Anchor Chain post-build step.

CVSS3: 6.5
0%
Низкий
5 месяцев назад
github логотип
GHSA-xxrg-mg63-qfpj

Jenkins AnchorChain Plugin Has a Cross-Site Scripting (XSS) Vulnerability

CVSS3: 8
0%
Низкий
5 месяцев назад

Уязвимостей на страницу