Maven package
org.jenkins-ci.plugins/dashboard-view
pkg:maven/org.jenkins-ci.plugins/dashboard-view
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-27197 | — | | | < 2.18.1 | 2.18.1 | Mar 15, 2022 | Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet's Iframe source URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure views. |
| CVE-2021-21649 | — | | | >= 2.13, < 2.16 | 2.16 | May 11, 2021 | Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. |
| CVE-2019-10396 | — | | | < 2.12 | 2.12 | Sep 12, 2019 | Jenkins Dashboard View Plugin 2.11 and earlier did not escape build descriptions, resulting in a cross-site scripting vulnerability exploitable by users able to change build descriptions. |