cbcvebase.
CVE-2022-34783
published 2022-06-30

CVE-2022-34783: Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by…

PriorityP342medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
80.41%
99.6th percentile
Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Affected

25 ranges
VendorProductVersion rangeFixed in
jenkinsbuild_notifications_plugin
jenkinscisco_spark_plugin
jenkinsdeployment_dashboard_plugin
jenkinselasticsearch_query_plugin
jenkinsfailed_job_deactivator_plugin
jenkinsfeedback_panel_plugin
jenkinsgitlab_plugin
jenkinsids_in_xebialabs_xl_release_plugin
jenkinsjigomerge_plugin
jenkinsmatrix_reloaded_plugin
jenkinsopsgenie_plugin
jenkinsplot<= 2.1.10
jenkinsplot_plugin
jenkinsproject_inheritance_plugin
jenkinsrecipe_plugin
jenkinsrequest_rename_or_delete_plugin
jenkinsrich_text_publisher_plugin
jenkinsrocketchat_notifier_plugin
jenkinsrqm_plugin
jenkinsskype_notifier_plugin
jenkinstestng_results_plugin
jenkinsvalidating_email_parameter_plugin
jenkinsxebialabs_xl_release_plugin
jenkinsxpath_configuration_viewer_plugin
jenkins_projectjenkins_plot_pluginunspecified – 2.1.10

CVSS provenance

nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.