Lucene search
JenkinsCVE-2024-28150HistoryMar 06, 2024 - 5:15 p.m.
CVE-2024-28150
2024-03-0617:15:10
jenkins
web.nvd.nist.gov
41
jenkins
html publisher
plugin
xss
vulnerability
cve-2024-28150
nvd
security
Jenkins HTML Publisher Plugin 1.32 and earlier does not escape job names, report names, and index page titles shown as part of the report frame, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CNA Affected
[
{
"vendor": "Jenkins Project",
"product": "Jenkins HTML Publisher Plugin",
"versions": [
{
"version": "0",
"versionType": "maven",
"lessThanOrEqual": "1.32",
"status": "affected"
}
],
"defaultStatus": "unaffected"
}
]Related
github
github
Jenkins HTML Publisher Plugin Stored XSS vulnerability
2024-03-06 18:30:38
prion
prion
Cross site scripting
2024-03-06 17:15:00
redhatcve
redhatcve
CVE-2024-28150
2024-03-06 18:46:50
osv
osv
Jenkins HTML Publisher Plugin Stored XSS vulnerability
2024-03-06 18:30:38
nvd
nvd
CVE-2024-28150
2024-03-06 17:15:10
cvelist
cvelist
CVE-2024-28150
2024-03-06 17:01:53
vulnrichment
vulnrichment
CVE-2024-28150
2024-03-06 17:01:53
veracode
veracode
Cross-site Scripting (XSS)
2024-03-11 05:22:10
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2024-03-06)
2024-03-07 00:00:00