OSV:GHSA-W43X-5F8F-686P
May 24, 2022 - 5:23 p.m.

Stored XSS vulnerability in multiple axis builds tooltips in Jenkins Matrix Project Plugin

2022-05-24 17:23:39
Google
osv.dev
stored xss
jenkins
matrix project plugin
vulnerability
software

EPSS: 0.001 (percentile: 22.0%)

Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission.

Matrix Project Plugin 1.17 escapes the axis names shown in these tooltips.
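
To check an installation against the version boundary above, the following added example (not part of the advisory or the plugin) classifies the Matrix Project Plugin entry in a plugin listing. It assumes an `id:version` per-line listing and the plugin short name `matrix-project`; the sample version strings in the usage are constructed.

```python
import re

PLUGIN_ID = "matrix-project"  # assumed short name of the Matrix Project Plugin
LAST_AFFECTED = (1, 16)       # from the advisory: 1.16 and earlier are affected


def parse_version(text):
    """Return the leading numeric components of a version as a tuple, or None."""
    parts = []
    for component in text.strip().split("."):
        m = re.match(r"\d+", component)
        if not m:
            break  # non-numeric component such as "v06b_7f47" or "latest"
        parts.append(int(m.group()))
        if m.end() != len(component):
            break  # suffix such as "16-beta": keep the number, stop parsing
    return tuple(parts) or None


def audit(plugin_list):
    """Classify the Matrix Project Plugin entry in an id:version listing.

    Returns (status, version) where status is one of
    "affected", "fixed", "unknown" (unpinned or unparseable) or "not installed".
    """
    for raw in plugin_list.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        plugin_id, _, version = line.partition(":")
        if plugin_id.strip() != PLUGIN_ID:
            continue
        parsed = parse_version(version)
        if parsed is None:
            # No pinned numeric version: cannot tell, needs manual review.
            return ("unknown", version.strip())
        status = "affected" if parsed <= LAST_AFFECTED else "fixed"
        return (status, version.strip())
    return ("not installed", "")


if __name__ == "__main__":
    # Constructed sample listing for illustration.
    sample = "git:4.11.0\nmatrix-project:1.16  # pinned\n"
    print(audit(sample))
```

An `unknown` result means the entry has no pinned numeric version, so the installed version has to be confirmed on the controller itself.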