Vulnerabilities > Jenkins > CVS

DATE CVE VULNERABILITY TITLE RISK
2022-04-12 CVE-2022-29037 Cross-site Scripting vulnerability in Jenkins CVS
Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
network
low complexity
jenkins CWE-79
5.4
2020-12-03 CVE-2020-2324 XXE vulnerability in Jenkins CVS
Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
7.5