Lucene search
HistoryFeb 15, 2023 - 2:15 p.m.
CVE-2023-25763
jenkins
email extension plugin
xss
vulnerability
cve-2023-25763
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
32.2%
Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control affected fields.
Affected configurations
Node
jenkinsemail_extensionRange<2.93.1jenkins
Related
prion
prion
Cross site scripting
2023-02-15 14:15:00
osv
osv
Cross-site Scripting in Jenkins Email Extension Plugin
2023-02-15 15:30:41
CVE-2023-25763
2023-02-15 14:15:13
cve
cve
CVE-2023-25763
2023-02-15 14:15:13
github
github
Cross-site Scripting in Jenkins Email Extension Plugin
2023-02-15 15:30:41
cvelist
cvelist
CVE-2023-25763
2023-02-15 00:00:00
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
32.2%
Related for NVD:CVE-2023-25763