Security Advisory

CVE-2023-28678

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-03-23 11:26:06

Last updated 2025-02-25 19:16:28

Assigner jenkins

State PUBLISHED

Description

Jenkins Cppcheck Plugin 1.26 and earlier does not escape file names from Cppcheck report files before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control report file contents.

← Browse all CVEs View on cve.org ↗