Vulnerabilities > Jenkins > Global Build Stats > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-15 | CVE-2022-27207 | Cross-site Scripting vulnerability in Jenkins Global-Build-Stats Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. | 4.8 |
| 2018-01-26 | CVE-2017-1000389 | Cross-site Scripting vulnerability in Jenkins Global-Build-Stats Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. | 4.3 |