CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28670
https://notcve.org/view.php?id=CVE-2023-28670
Jenkins Pipeline Aggregator View Plugin 1.13 and earlier does not escape a variable representing the current view's URL in inline JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission. • https://www.jenkins.io/security/advisory/2023-03-21/#SECURITY-2885 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16564
https://notcve.org/view.php?id=CVE-2019-16564
Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escape information shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to affects view content such as job display name or pipeline stage names. Jenkins Pipeline Aggregator View Plugin versión 1.8 y anteriores, no escapan a la información mostrada en su vista, resultando en una vulnerabilidad de tipo XSS almacenado explotable por parte de los atacantes capaces de afectar el contenido de la vista, tales como el nombre a desplegar del trabajo o los nombres de etapa de la tubería. • http://www.openwall.com/lists/oss-security/2019/12/17/1 https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1593 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •