← Back

Cvs

cvs

Vendor: Jenkins • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-29037
1Jenkins
1Cvs
Nov 21, 2024
Apr 12, 2022
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by a...Show more
Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.Show less
CVE-2020-2324
1Jenkins
1Cvs
Nov 21, 2024
Dec 3, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.