EPSS
Percentile
26.2%
github.com/woodpecker-ci/woodpecker is vulnerable to cross-site scripting. The vulnerability exists in BuildLog.vue due to lack of escaping in build logs which allows an attacker to inject and execute arbitrary javascript.
BuildLog.vue
github.com/advisories/GHSA-vmp5-c5hp-6c65
github.com/woodpecker-ci/woodpecker/commit/3064975afdbc29034e00b917a135593c51ee31fe
github.com/woodpecker-ci/woodpecker/pull/879
github.com/woodpecker-ci/woodpecker/pull/880
github.com/woodpecker-ci/woodpecker/releases/tag/v0.15.1