CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2012-4441
https://notcve.org/view.php?id=CVE-2012-4441
18 Nov 2019 — Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the CI game plugin. Una vulnerabilidad de tipo Cross-site Scripting (XSS) en Jenkins main versiones anteriores a 1.482 y LTS versiones anteriores a 1.466.2, permite a atacantes remotos inyectar script web o HTML arbitrario en el plugin CI game. • http://www.openwall.com/lists/oss-security/2012/09/21/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2012-4440
https://notcve.org/view.php?id=CVE-2012-4440
18 Nov 2019 — Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the Violations plugin. Una vulnerabilidad de tipo Cross-site Scripting (XSS) en Jenkins main versiones anteriores a 1.482 y LTS versiones anteriores a 1.466.2, permite a atacantes remotos inyectar script web o HTML arbitrario en el plugin Violations. • http://www.openwall.com/lists/oss-security/2012/09/21/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2012-4439
https://notcve.org/view.php?id=CVE-2012-4439
18 Nov 2019 — Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that points to Jenkins. Una vulnerabilidad de tipo Cross-site Scripting (XSS) en Jenkins main versiones anteriores a 1.482 y LTS versiones anteriores a 1.466.2, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de una URL diseñada que apunta a Jenkins. • http://www.openwall.com/lists/oss-security/2012/09/21/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2012-4438
https://notcve.org/view.php?id=CVE-2012-4438
18 Nov 2019 — Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code. Jenkins main versiones anteriores a 1.482 y LTS versiones anteriores a 1.466.2, permite a atacantes remotos con acceso de lectura y acceso HTTP al maestro Jenkins insertar datos y ejecutar código arbitrario. • http://www.openwall.com/lists/oss-security/2012/09/21/2 • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2019-10401
https://notcve.org/view.php?id=CVE-2019-10401
25 Sep 2019 — In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents (typically Job/Configure). En Jenkins versiones 2.196 y anteriores, versiones LTS 2.176.3 y anteriores, el control del formulario f:expandableTextBox interpretaba su contenido como HTML cuando se expandía, resultando en una vulnerabilidad de tipo XSS almacenada explotable ... • http://www.openwall.com/lists/oss-security/2019/09/25/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2019-10404
https://notcve.org/view.php?id=CVE-2019-10404
25 Sep 2019 — Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue items is blcoked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as label expressions not matching any idle executors. Jenkins versiones 2.196 y anteriores, LTS versiones 2.176.3 y anteriores, no escaparon a la razón por la cual los elementos de la cola se borran en la información sobre herramientas (tooltips), resultando en una ... • http://www.openwall.com/lists/oss-security/2019/09/25/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2019-10402
https://notcve.org/view.php?id=CVE-2019-10402
25 Sep 2019 — In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents. En Jenkins versiones 2.196 y anteriores, versiones LTS 2.176.3 y anteriores, el control del formulario f: combobox interpretaba las etiquetas de sus elementos como HTML, resultando en una vulnerabilidad de tipo XSS almacenada explotable por aquellos usuarios con permiso para definir su cont... • http://www.openwall.com/lists/oss-security/2019/09/25/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-10406
https://notcve.org/view.php?id=CVE-2019-10406
25 Sep 2019 — Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or filter values set as Jenkins URL in the global configuration, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission. Jenkins versiones 2.196 y anteriores, versiones LTS 2.176.3 y anteriores, no restringe ni filtra los valores establecidos como URL de Jenkins en la configuración global, resultando en una vulnerabilidad de tipo XSS almacenada explotable por aquellos atacantes con permiso Genera... • http://www.openwall.com/lists/oss-security/2019/09/25/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 16%CPEs: 2EXPL: 0CVE-2019-10405
https://notcve.org/view.php?id=CVE-2019-10405
25 Sep 2019 — Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly. Jenkins versiones 2.196 y anteriores, versiones LTS 2.176.3 y anteriores, imprimieron el valor del encabezado de petición HTTP "Cookie" en /whoAmI/URL, permitiendo a atacantes que explotan otra vulnerabilidad de tipo XSS obtener la cookie de sesión HTTP a pesar ... • http://www.openwall.com/lists/oss-security/2019/09/25/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2019-10403
https://notcve.org/view.php?id=CVE-2019-10403
25 Sep 2019 — Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the SCM tag name on the tooltip for SCM tag actions, resulting in a stored XSS vulnerability exploitable by users able to control SCM tag names for these actions. Jenkins versiones 2.196 y anteriores, versiones LTS 2.176.3 y anteriores, no escaparon al nombre de la etiqueta SCM en la información sobre herramientas (tooltip) para las acciones de la etiqueta SCM, resultando en una vulnerabilidad de tipo XSS almacenada explotable por parte de us... • http://www.openwall.com/lists/oss-security/2019/09/25/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •