Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (43478 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-2217 1 Praqma 1 Compatibility Action Storage 2024-11-21 6.1 Medium
Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.
CVE-2020-2214 1 Jenkins 1 Zap Pipeline 2024-11-21 5.4 Medium
Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.
CVE-2020-2207 1 Jenkins 1 Vncviewer 2024-11-21 6.1 Medium
Jenkins VncViewer Plugin 1.7 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.
CVE-2020-2206 1 Jenkins 1 Vncrecorder 2024-11-21 6.1 Medium
Jenkins VncRecorder Plugin 1.25 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.
CVE-2020-2205 1 Jenkins 1 Vncrecorder 2024-11-21 4.8 Medium
Jenkins VncRecorder Plugin 1.25 and earlier does not escape a tool path in the `checkVncServ` form validation endpoint, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by Jenkins administrators.
CVE-2020-2201 1 Jenkins 1 Sonargraph Integration 2024-11-21 5.4 Medium
Jenkins Sonargraph Integration Plugin 3.0.0 and earlier does not escape the file path for the Log file field form validation, resulting in a stored cross-site scripting vulnerability.
CVE-2020-2199 1 Jenkins 1 Subversion Partial Release Manager 2024-11-21 6.1 Medium
Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulnerability.
CVE-2020-2195 1 Jenkins 1 Compact Columns 2024-11-21 5.4 Medium
Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips, resulting in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission.
CVE-2020-2194 1 Jenkins 1 Echarts Api 2024-11-21 5.4 Medium
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability.
CVE-2020-2193 1 Jenkins 1 Echarts Api 2024-11-21 5.4 Medium
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability.
CVE-2020-2190 2 Jenkins, Redhat 2 Script Security, Openshift 2024-11-21 5.4 Medium
Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability.
CVE-2020-2176 1 Jenkins 1 Usemango Runner 2024-11-21 5.4 Medium
Multiple form validation endpoints in Jenkins useMango Runner Plugin 1.4 and earlier do not escape values received from the useMango service, resulting in a cross-site scripting (XSS) vulnerability exploitable by users able to control the values returned from the useMango service.
CVE-2020-2175 1 Jenkins 1 Fitnesse 2024-11-21 5.4 Medium
Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control the XML input files processed by the plugin.
CVE-2020-2174 1 Jenkins 1 Awseb Deployment 2024-11-21 6.1 Medium
Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape various values printed as part of form validation output, resulting in a reflected cross-site scripting vulnerability.
CVE-2020-2173 1 Jenkins 1 Gatling 2024-11-21 5.4 Medium
Jenkins Gatling Plugin 1.2.7 and earlier prevents Content-Security-Policy headers from being set for Gatling reports served by the plugin, resulting in an XSS vulnerability exploitable by users able to change report content.
CVE-2020-2170 1 Jenkins 1 Rapiddeploy 2024-11-21 5.4 Medium
Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability.
CVE-2020-2169 1 Jenkins 1 Queue Cleanup 2024-11-21 6.1 Medium
A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and earlier does not properly escape a query parameter displayed in an error message, resulting in a reflected XSS vulnerability.
CVE-2020-2163 2 Jenkins, Redhat 2 Jenkins, Openshift 2024-11-21 5.4 Medium
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers.
CVE-2020-2162 2 Jenkins, Redhat 2 Jenkins, Openshift 2024-11-21 5.4 Medium
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability.
CVE-2020-2161 2 Jenkins, Redhat 2 Jenkins, Openshift 2024-11-21 5.4 Medium
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels.