Filtered by vendor Jenkins Subscriptions
Filtered by product Sonargraph Integration Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-35145 1 Jenkins 1 Sonargraph Integration 2024-11-21 5.4 Medium
Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission.
CVE-2020-2201 1 Jenkins 1 Sonargraph Integration 2024-11-21 5.4 Medium
Jenkins Sonargraph Integration Plugin 3.0.0 and earlier does not escape the file path for the Log file field form validation, resulting in a stored cross-site scripting vulnerability.