Vulnerabilities > Jenkins > Vncrecorder > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-02 | CVE-2020-2206 | Cross-site Scripting vulnerability in Jenkins Vncrecorder Jenkins VncRecorder Plugin 1.25 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. | 6.1 |
| 2020-07-02 | CVE-2020-2205 | Cross-site Scripting vulnerability in Jenkins Vncrecorder Jenkins VncRecorder Plugin 1.25 and earlier does not escape a tool path in the `checkVncServ` form validation endpoint, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by Jenkins administrators. | 4.8 |