VYPR
High severityNVD Advisory· Published Mar 23, 2023· Updated Feb 24, 2025

CVE-2023-28679

CVE-2023-28679

Description

Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
javagh.jenkins:mashup-portlets-pluginMaven
<= 1.1.2

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

1