Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet's Iframe source URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure views.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: jenkins
Published: 2022-03-15T16:45:40
Updated: 2024-08-03T05:25:32.462Z
Reserved: 2022-03-15T00:00:00
Link: CVE-2022-27197
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-03-15T17:15:10.077
Modified: 2023-11-22T21:23:09.307
Link: CVE-2022-27197
Redhat
No data.