CVE-2022-27197
https://notcve.org/view.php?id=CVE-2022-27197
Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet's Iframe source URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure views.
• http://www.openwall.com/lists/oss-security/2022/03/15/2
• https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2559
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-21649
https://notcve.org/view.php?id=CVE-2021-21649
Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.
• https://www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2233
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-10396
https://notcve.org/view.php?id=CVE-2019-10396
Jenkins Dashboard View Plugin 2.11 and earlier did not escape build descriptions, resulting in a cross-site scripting vulnerability exploitable by users able to change build descriptions.
• http://www.openwall.com/lists/oss-security/2019/09/12/2
• https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1489
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')