CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-28670

Jenkins Pipeline Aggregator View Plugin 1.13 and earlier does not escape a variable representing the current view's URL in inline JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 70.6%

CVSS Severity

CVSS v3 Score 5.4

References

Products affected by CVE-2023-28670

Jenkins » Pipeline Aggregator View » Version: 1.0

cpe:2.3:a:jenkins:pipeline_aggregator_view:1.0
Jenkins » Pipeline Aggregator View » Version: 1.1

cpe:2.3:a:jenkins:pipeline_aggregator_view:1.1
Jenkins » Pipeline Aggregator View » Version: 1.11

cpe:2.3:a:jenkins:pipeline_aggregator_view:1.11
Jenkins » Pipeline Aggregator View » Version: 1.12

cpe:2.3:a:jenkins:pipeline_aggregator_view:1.12
Jenkins » Pipeline Aggregator View » Version: 1.13

cpe:2.3:a:jenkins:pipeline_aggregator_view:1.13
Jenkins » Pipeline Aggregator View » Version: 1.2

cpe:2.3:a:jenkins:pipeline_aggregator_view:1.2
Jenkins » Pipeline Aggregator View » Version: 1.3

cpe:2.3:a:jenkins:pipeline_aggregator_view:1.3
Jenkins » Pipeline Aggregator View » Version: 1.4

cpe:2.3:a:jenkins:pipeline_aggregator_view:1.4
Jenkins » Pipeline Aggregator View » Version: 1.5

cpe:2.3:a:jenkins:pipeline_aggregator_view:1.5
Jenkins » Pipeline Aggregator View » Version: 1.6

cpe:2.3:a:jenkins:pipeline_aggregator_view:1.6
Jenkins » Pipeline Aggregator View » Version: 1.7

cpe:2.3:a:jenkins:pipeline_aggregator_view:1.7
Jenkins » Pipeline Aggregator View » Version: 1.8

cpe:2.3:a:jenkins:pipeline_aggregator_view:1.8
Jenkins » Pipeline Aggregator View » Version: 1.9

cpe:2.3:a:jenkins:pipeline_aggregator_view:1.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-28670

Products

Pricing

Contact Us