CVE-2024-28150
CVE-2024-28150
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.7EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
06 Mar 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Jenkins HTML Publisher Plugin 1.32 and earlier does not escape job names, report names, and index page titles shown as part of the report frame, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Affected products
Jenkins Project · Jenkins HTML Publisher PluginWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →