Jenkins Edgewall Trac Plugin 1.13 and earlier does not escape the Trac website URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: jenkins
Published: 2023-10-25T13:45:58.826Z
Updated: 2024-09-10T20:03:30.024Z
Reserved: 2023-10-24T16:05:00.960Z
Link: CVE-2023-46659
Vulnrichment
Updated: 2024-08-02T20:53:21.855Z
NVD
Status : Analyzed
Published: 2023-10-25T18:17:40.353
Modified: 2023-11-01T19:04:21.493
Link: CVE-2023-46659
Redhat
No data.