Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2018-1000604 Vulnerability in maven package org.jenkins-ci.plugins:badge

Description

A persisted cross-site scripting vulnerability exists in Jenkins Badge Plugin 1.4 and earlier in BadgeSummaryAction.java, HtmlBadgeAction.java that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions.

Remediation

References

https://jenkins.io/security/advisory/2018-06-25/#SECURITY-906

Related Vulnerabilities

CVE-2022-34177 Vulnerability in maven package org.jenkins-ci.plugins:pipeline-input-step

CVE-2020-17530 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2023-31101 Vulnerability in maven package org.apache.inlong:manager-dao

CVE-2023-32688 Vulnerability in npm package @parse/push-adapter

CVE-2023-35142 Vulnerability in maven package com.checkmarx.jenkins:checkmarx

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory