Jenkins Embeddable Build Status Plugin contains Cross-site Scripting

2022-05-2416:50:03

Google

osv.dev

0.002 Low

EPSS

Percentile

57.7%

JSON

A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers inject arbitrary HTML and JavaScript into the response of this plugin.

References

www.openwall.com/lists/oss-security/2019/07/11/4

www.securityfocus.com/bid/109156

github.com/jenkinsci/embeddable-build-status-plugin

jenkins.io/security/advisory/2019-07-11/#SECURITY-1419

nvd.nist.gov/vuln/detail/CVE-2019-10346

0.002 Low

EPSS

Percentile

57.7%

JSON

Related for OSV:GHSA-94RJ-C4JJ-V476