Vulnerabilities > Jenkins > Update Center2 > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-03-10 CVE-2023-27905 Cross-site Scripting vulnerability in Jenkins Update-Center2 3.13/3.14
Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a plugin for hosting.
network
low complexity
jenkins CWE-79
critical
9.6