Vulnerability Details CVE-2020-2194
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.3%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2020-2194
-
cpe:2.3:a:jenkins:echarts_api:4.4.0-1
-
cpe:2.3:a:jenkins:echarts_api:4.4.0-2
-
cpe:2.3:a:jenkins:echarts_api:4.4.0-3
-
cpe:2.3:a:jenkins:echarts_api:4.4.0-4
-
cpe:2.3:a:jenkins:echarts_api:4.4.0-5
-
cpe:2.3:a:jenkins:echarts_api:4.4.0-6
-
cpe:2.3:a:jenkins:echarts_api:4.4.0-7
-
cpe:2.3:a:jenkins:echarts_api:4.4.0-8
-
cpe:2.3:a:jenkins:echarts_api:4.6.0-1
-
cpe:2.3:a:jenkins:echarts_api:4.6.0-10
-
cpe:2.3:a:jenkins:echarts_api:4.6.0-2
-
cpe:2.3:a:jenkins:echarts_api:4.6.0-3
-
cpe:2.3:a:jenkins:echarts_api:4.6.0-4
-
cpe:2.3:a:jenkins:echarts_api:4.6.0-5
-
cpe:2.3:a:jenkins:echarts_api:4.6.0-7
-
cpe:2.3:a:jenkins:echarts_api:4.6.0-8
-
cpe:2.3:a:jenkins:echarts_api:4.6.0-9
-
cpe:2.3:a:jenkins:echarts_api:4.7.0-1
-
cpe:2.3:a:jenkins:echarts_api:4.7.0-2
-
cpe:2.3:a:jenkins:echarts_api:4.7.0-3