Headline
GHSA-jwx3-2hq3-682c: Jenkins Edgewall Trac Plugin vulnerable to Stored XSS
Jenkins Edgewall Trac Plugin 1.13 and earlier does not escape the Trac website URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Jenkins Edgewall Trac Plugin vulnerable to Stored XSS
High severity GitHub Reviewed Published Oct 25, 2023 to the GitHub Advisory Database • Updated Oct 30, 2023
Related news
CVE-2023-46650: security - Multiple vulnerabilities in Jenkins plugins
Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.