Latest Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2020-09-16 CVE-2020-2270 Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the composite baseline in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
network
CWE-79
3.5
2020-09-16 CVE-2020-2269 Jenkins chosen-views-tabbar Plugin 1.2 and earlier does not escape view names in the dropdown to select views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to configure views.
network
CWE-79
3.5
2020-09-16 CVE-2020-2266 Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
network
CWE-79
3.5
2020-09-16 CVE-2020-2264 Jenkins Custom Job Icon Plugin 0.2 and earlier does not escape the job descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
network
CWE-79
3.5
2020-09-16 CVE-2020-2263 Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
network
CWE-79
3.5
2020-09-16 CVE-2020-2262 Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step.
network
CWE-79
3.5
2020-09-16 CVE-2020-2259 Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.
network
CWE-79
3.5
2020-09-16 CVE-2020-2257 Jenkins Validating String Parameter Plugin 2.4 and earlier does not escape various user-controlled fields, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
network
CWE-79
3.5
2020-09-16 CVE-2020-2256 Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
network
CWE-79
3.5
2020-09-15 CVE-2020-15179 The ScratchSig extension for MediaWiki before version 1.0.1 allows stored Cross-Site Scripting. 0.0