Jenkins Edgewall Trac Plugin 1.13 and earlier does not escape the Trac website URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Published: 2023-10-25T18:17:40.353
Last modified: 2024-11-21T08:29:00.047
Status: Modified
CVSSv3.1: 5.4 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | jenkins | edgewall_trac | ≤ 1.13 | Yes |