Vulnerabilities > Jenkins > Update Center2 > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-10 | CVE-2023-27905 | Cross-site Scripting vulnerability in Jenkins Update-Center2 3.13/3.14 Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a plugin for hosting. | 9.6 |