Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-mv77-fj63-q5w8: Stored XSS vulnerability in Jenkins GitHub Plugin

Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

ghsa
#xss#vulnerability#git

Stored XSS vulnerability in Jenkins GitHub Plugin

High severity GitHub Reviewed Published Oct 25, 2023 to the GitHub Advisory Database • Updated Oct 30, 2023

Related news

CVE-2023-46650: security - Multiple vulnerabilities in Jenkins plugins

Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

ghsa: Latest News

GHSA-hqmp-g7ph-x543: TunnelVision - decloaking VPNs using DHCP