CVE-2026-42524
HIGH8.0EPSS 0.05%Jenkins HTML Publisher Plugin has a XSS vulnerability in the legacy wrapper file
發布日:2026/4/29修改日:2026/5/6
描述
Jenkins HTML Publisher Plugin versoins 427 and earlier do not escape the job name and URL in the legacy wrapper file. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. HTML Publisher Plugin 427.1 escapes job name and URL when generating the legacy wrapper file.
受影響套件(1)
- Maven/org.jenkins-ci.plugins:htmlpublisherfrom 0, < 427.1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.0 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |