Vulnerabilities > Jenkins > Sitemonitor > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-29 | CVE-2022-28153 | Cross-site Scripting vulnerability in Jenkins Sitemonitor Jenkins SiteMonitor Plugin 0.6 and earlier does not escape URLs of sites to monitor in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
| 2019-04-30 | CVE-2019-10317 | Improper Certificate Validation vulnerability in Jenkins Sitemonitor Jenkins SiteMonitor Plugin 0.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM. | 5.9 |