cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-30970,https://securityvulnerability.io/vulnerability/CVE-2022-30970,Stored XSS Vulnerability in Jenkins Autocomplete Parameter Plugin,"The Autocomplete Parameter Plugin for Jenkins has a vulnerability that allows attackers to exploit stored cross-site scripting (XSS) in certain parameter names. This issue arises from unsafe references to Dropdown Autocomplete and Auto Complete String parameters within the plugin's JavaScript embedded in view definitions. Attackers with Item/Configure permissions can trigger this vulnerability, posing significant security risks to Jenkins instances using affected versions of the plugin.",Jenkins,Jenkins Autocomplete Parameter Plugin,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-05-17T14:06:56.000Z,0
CVE-2022-30969,https://securityvulnerability.io/vulnerability/CVE-2022-30969,Cross-Site Request Forgery in Jenkins Autocomplete Parameter Plugin,"A Cross-Site Request Forgery vulnerability exists in the Jenkins Autocomplete Parameter Plugin version 1.1 and earlier, allowing attackers to perform unauthorized actions on behalf of an administrator. When exploited, this flaw enables an attacker to execute arbitrary code within the Jenkins environment, bypassing sandbox protections. This underscores the critical need for Jenkins users to adopt secure configurations and apply the latest updates to mitigate such risks.",Jenkins,Jenkins Autocomplete Parameter Plugin,8.8,HIGH,0.0008800000068731606,false,,false,false,false,,,false,false,,2022-05-17T14:06:54.000Z,0
CVE-2022-30961,https://securityvulnerability.io/vulnerability/CVE-2022-30961,Stored Cross-Site Scripting Vulnerability in Jenkins Autocomplete Parameter Plugin,"The Jenkins Autocomplete Parameter Plugin, specifically version 1.1 and earlier, contains a flaw where it fails to properly escape the names of Dropdown Autocomplete and Auto Complete String parameters. This oversight allows an attacker with Item/Configure permissions to exploit the application, leading to a stored cross-site scripting (XSS) vulnerability. Successful exploitation could enable attackers to execute arbitrary scripts in the context of other users, posing significant security risks.",Jenkins,Jenkins Autocomplete Parameter Plugin,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-05-17T14:06:36.000Z,0