Jenkins Cvs vulnerabilities

CVE-2022-29037 [MEDIUM] CWE-79 CVE-2022-29037: Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name pa Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

CVE-2020-2324 [HIGH] CWE-611 CVE-2020-2324: Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.