Export limit exceeded: 44566 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44566 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-2222 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.4 Medium |
| Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability. | ||||
| CVE-2020-2221 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.4 Medium |
| Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability. | ||||
| CVE-2020-2220 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.4 Medium |
| Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability. | ||||
| CVE-2020-2219 | 1 Jenkins | 1 Link Column | 2024-11-21 | 5.4 Medium |
| Jenkins Link Column Plugin 1.0 and earlier does not filter URLs of links created by users with View/Configure permission, resulting in a stored cross-site scripting vulnerability. | ||||
| CVE-2020-2217 | 1 Praqma | 1 Compatibility Action Storage | 2024-11-21 | 6.1 Medium |
| Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. | ||||
| CVE-2020-2214 | 1 Jenkins | 1 Zap Pipeline | 2024-11-21 | 5.4 Medium |
| Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | ||||
| CVE-2020-2207 | 1 Jenkins | 1 Vncviewer | 2024-11-21 | 6.1 Medium |
| Jenkins VncViewer Plugin 1.7 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. | ||||
| CVE-2020-2206 | 1 Jenkins | 1 Vncrecorder | 2024-11-21 | 6.1 Medium |
| Jenkins VncRecorder Plugin 1.25 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. | ||||
| CVE-2020-2205 | 1 Jenkins | 1 Vncrecorder | 2024-11-21 | 4.8 Medium |
| Jenkins VncRecorder Plugin 1.25 and earlier does not escape a tool path in the `checkVncServ` form validation endpoint, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by Jenkins administrators. | ||||
| CVE-2020-2201 | 1 Jenkins | 1 Sonargraph Integration | 2024-11-21 | 5.4 Medium |
| Jenkins Sonargraph Integration Plugin 3.0.0 and earlier does not escape the file path for the Log file field form validation, resulting in a stored cross-site scripting vulnerability. | ||||
| CVE-2020-2199 | 1 Jenkins | 1 Subversion Partial Release Manager | 2024-11-21 | 6.1 Medium |
| Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulnerability. | ||||
| CVE-2020-2195 | 1 Jenkins | 1 Compact Columns | 2024-11-21 | 5.4 Medium |
| Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips, resulting in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission. | ||||
| CVE-2020-2194 | 1 Jenkins | 1 Echarts Api | 2024-11-21 | 5.4 Medium |
| Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability. | ||||
| CVE-2020-2193 | 1 Jenkins | 1 Echarts Api | 2024-11-21 | 5.4 Medium |
| Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability. | ||||
| CVE-2020-2190 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-11-21 | 5.4 Medium |
| Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability. | ||||
| CVE-2020-2176 | 1 Jenkins | 1 Usemango Runner | 2024-11-21 | 5.4 Medium |
| Multiple form validation endpoints in Jenkins useMango Runner Plugin 1.4 and earlier do not escape values received from the useMango service, resulting in a cross-site scripting (XSS) vulnerability exploitable by users able to control the values returned from the useMango service. | ||||
| CVE-2020-2175 | 1 Jenkins | 1 Fitnesse | 2024-11-21 | 5.4 Medium |
| Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control the XML input files processed by the plugin. | ||||
| CVE-2020-2174 | 1 Jenkins | 1 Awseb Deployment | 2024-11-21 | 6.1 Medium |
| Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape various values printed as part of form validation output, resulting in a reflected cross-site scripting vulnerability. | ||||
| CVE-2020-2173 | 1 Jenkins | 1 Gatling | 2024-11-21 | 5.4 Medium |
| Jenkins Gatling Plugin 1.2.7 and earlier prevents Content-Security-Policy headers from being set for Gatling reports served by the plugin, resulting in an XSS vulnerability exploitable by users able to change report content. | ||||
| CVE-2020-2170 | 1 Jenkins | 1 Rapiddeploy | 2024-11-21 | 5.4 Medium |
| Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability. | ||||