cbcvebase.
CVE-2023-25763
published 2023-02-15

CVE-2023-25763: Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting…

medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control affected fields.

Affected

9 ranges
VendorProductVersion rangeFixed in
jenkinsazure_credentials_plugin
jenkinsbuild_step_plugin
jenkinsconfig_file_provider_plugin
jenkinsemail_extension< 2.93.12.93.1
jenkinsemail_extension_plugin
jenkinsjunit_plugin
jenkinsjunit_resources_processed_by_the_plugin
jenkinssynopsys_coverity_plugin
jenkins_projectjenkins_email_extension_pluginunspecified – 2.93