Vulnerabilities > Jenkins > Pipeline Aggregator View
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-02 | CVE-2023-28670 | Cross-site Scripting vulnerability in Jenkins Pipeline Aggregator View Jenkins Pipeline Aggregator View Plugin 1.13 and earlier does not escape a variable representing the current view's URL in inline JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission. | 5.4 |
| 2019-12-17 | CVE-2019-16564 | Cross-site Scripting vulnerability in Jenkins Pipeline Aggregator View Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escape information shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to affects view content such as job display name or pipeline stage names. | 5.4 |