Lucene search
JenkinsCVELIST:CVE-2023-43495HistorySep 20, 2023 - 4:06 p.m.
CVE-2023-43495
2023-09-2016:06:09
jenkins
www.cve.org
2
jenkins
lts
stored xss
Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the ‘caption’ constructor parameter of ‘ExpandableDetailsNote’, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control this parameter.
CNA Affected
[
{
"defaultStatus": "affected",
"product": "Jenkins",
"vendor": "Jenkins Project",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2.424",
"versionType": "maven"
},
{
"lessThan": "2.414.*",
"status": "unaffected",
"version": "2.414.2",
"versionType": "maven"
}
]
}
]Related
osv
osv
Jenkins Cross-site Scripting vulnerability
2023-09-20 18:30:21
CVE-2023-43495
2023-09-20 17:15:11
BIT-jenkins-2023-43495
2024-03-06 10:54:50
alpinelinux
alpinelinux
CVE-2023-43495
2023-09-20 17:15:11
cve
cve
CVE-2023-43495
2023-09-20 17:15:11
nvd
nvd
CVE-2023-43495
2023-09-20 17:15:11
redhatcve
redhatcve
CVE-2023-43495
2023-09-22 11:54:51
prion
prion
Cross site scripting
2023-09-20 17:15:00
veracode
veracode
Cross-site Scripting
2023-09-25 07:18:08
github
github
Jenkins Cross-site Scripting vulnerability
2023-09-20 18:30:21
nessus
nessus
freebsd
freebsd
jenkins -- multiple vulnerabilities
2023-09-20 00:00:00
redos
redos
ROS-20240411-08
2024-04-11 00:00:00
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00