VYPR

HTML Publisher

by Jenkins Project

CVEs (1)

  • CVE-2026-42524HigApr 29, 2026
    risk 0.52cvss 8.0epss 0.00

    Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.