← back
CVE-2023-25764

CVE-2023-25764

CVSS 5.4 MEDIUMEPSS 0.6%CWE-79
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.4EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
15 Feb 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or change custom email templates.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N