cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-36905,https://securityvulnerability.io/vulnerability/CVE-2022-36905,Stored Cross-Site Scripting Vulnerability in Jenkins Maven Metadata Plugin,"The Jenkins Maven Metadata Plugin for the Jenkins CI server, version 2.2 and earlier, is susceptible to a stored cross-site scripting (XSS) vulnerability. This weakness arises from the absence of proper URL validation for the Repository Base URL within the parameters related to listing Maven artifact versions. Attackers with Item/Configure permissions can exploit this flaw to inject malicious scripts, potentially compromising the security of the Jenkins environment.",Jenkins,Jenkins Maven Metadata Plugin For Jenkins Ci Server Plugin,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-07-27T14:25:53.000Z,0
CVE-2022-34190,https://securityvulnerability.io/vulnerability/CVE-2022-34190,Stored Cross-Site Scripting Vulnerability in Jenkins Maven Metadata Plugin,"The Jenkins Maven Metadata Plugin for the Jenkins CI server is vulnerable due to improper escaping of the name and description parameters for List maven artifact versions. This flaw allows attackers with Item/Configure permissions to exploit stored cross-site scripting, leading to potential unauthorized actions on the affected Jenkins instance. Administrators should consider reviewing permissions and updating to the latest version to mitigate risks.",Jenkins,Jenkins Maven Metadata Plugin For Jenkins Ci Server Plugin,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-06-23T17:15:00.000Z,0