CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-29037

Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.275

EPSS Ranking 96.1%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

Products affected by CVE-2022-29037

Jenkins » Cvs » Version: 1.3

cpe:2.3:a:jenkins:cvs:1.3
Jenkins » Cvs » Version: 1.4

cpe:2.3:a:jenkins:cvs:1.4
Jenkins » Cvs » Version: 1.5

cpe:2.3:a:jenkins:cvs:1.5
Jenkins » Cvs » Version: 1.6

cpe:2.3:a:jenkins:cvs:1.6
Jenkins » Cvs » Version: 2.0

cpe:2.3:a:jenkins:cvs:2.0
Jenkins » Cvs » Version: 2.1

cpe:2.3:a:jenkins:cvs:2.1
Jenkins » Cvs » Version: 2.10

cpe:2.3:a:jenkins:cvs:2.10
Jenkins » Cvs » Version: 2.11

cpe:2.3:a:jenkins:cvs:2.11
Jenkins » Cvs » Version: 2.12

cpe:2.3:a:jenkins:cvs:2.12
Jenkins » Cvs » Version: 2.13

cpe:2.3:a:jenkins:cvs:2.13
Jenkins » Cvs » Version: 2.14

cpe:2.3:a:jenkins:cvs:2.14
Jenkins » Cvs » Version: 2.15

cpe:2.3:a:jenkins:cvs:2.15
Jenkins » Cvs » Version: 2.16

cpe:2.3:a:jenkins:cvs:2.16
Jenkins » Cvs » Version: 2.17

cpe:2.3:a:jenkins:cvs:2.17
Jenkins » Cvs » Version: 2.18

cpe:2.3:a:jenkins:cvs:2.18
Jenkins » Cvs » Version: 2.19

cpe:2.3:a:jenkins:cvs:2.19
Jenkins » Cvs » Version: 2.2

cpe:2.3:a:jenkins:cvs:2.2
Jenkins » Cvs » Version: 2.3

cpe:2.3:a:jenkins:cvs:2.3
Jenkins » Cvs » Version: 2.4

cpe:2.3:a:jenkins:cvs:2.4
Jenkins » Cvs » Version: 2.5

cpe:2.3:a:jenkins:cvs:2.5
Jenkins » Cvs » Version: 2.6

cpe:2.3:a:jenkins:cvs:2.6
Jenkins » Cvs » Version: 2.7

cpe:2.3:a:jenkins:cvs:2.7
Jenkins » Cvs » Version: 2.8

cpe:2.3:a:jenkins:cvs:2.8
Jenkins » Cvs » Version: 2.9

cpe:2.3:a:jenkins:cvs:2.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-29037

Products

Pricing

Contact Us