VYPR
Medium severity5.4NVD Advisory· Published Apr 2, 2023· Updated Jun 17, 2026

CVE-2023-28670

CVE-2023-28670

Description

Jenkins Pipeline Aggregator View Plugin 1.13 and earlier does not escape a variable representing the current view's URL in inline JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
com.paul8620.jenkins.plugins:pipeline-aggregator-viewMaven
< 1.141.14

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

1