CVE-2017-1000109

CWE-79 — Cross-site Scripting (XSS)5 documents5 sources

Severity

6.1MEDIUM

EPSS

0.1%

top 83.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Owasp Dependency-check

Timeline

PublishedOct 5

Latest updateMay 17

Description

The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶Mavenorg.jenkins-ci.plugins:dependency-check-jenkins-plugin< 2.0.1.2

▶NVDjenkins/owasp_dependency-check51 versions+50

🔴Vulnerability Details

OSV

Persistent XSS vulnerability in Jenkins OWASP Dependency-Check Plugin↗2022-05-17

▶

GHSA

Persistent XSS vulnerability in Jenkins OWASP Dependency-Check Plugin↗2022-05-17

▶

CVEList

CVE-2017-1000109: The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulne↗2017-10-04

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2017-08-07↗2017-08-07

▶