Vulnerabilities > Jenkins > Favorite > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-03-15 CVE-2022-27196 Cross-site Scripting vulnerability in Jenkins Favorite
Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions.
network
low complexity
jenkins CWE-79
5.4
5.4
2017-11-01 CVE-2017-1000244 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Favorite
Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification
network
jenkins CWE-352
6.8
6.8