1 results (0.007 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. El complemento Jenkins Associated Files 0.2.1 y versiones anteriores no escapa a los nombres de los archivos asociados, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) almacenadas que pueden explotar los atacantes con permiso Item/Configure. • http://www.openwall.com/lists/oss-security/2022/11/15/4 https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2947 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •