cbcvebase.
CVE-2019-10475
published 2019-10-23

CVE-2019-10475: A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided…

medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EXPLOIT
A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin.

Affected

12 ranges
VendorProductVersion rangeFixed in
jenkinsbitbucket_oauth_plugin
jenkinsbuild-metrics<= 1.3
jenkinsdeploy_weblogic_plugin
jenkinsdynatrace_application_monitoring_plugin
jenkinsglobal_post_script_plugin
jenkinsids_in_libvirt_agents_plugin
jenkinsids_to_allow_users_configuring_the_plugin
jenkinslibvirt_agents_plugin
jenkinsmattermost_notification_plugin
jenkinssonar_gerrit_plugin
jenkinszulip_plugin
jenkins_projectjenkins_build-metrics_plugin