cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-30965,https://securityvulnerability.io/vulnerability/CVE-2022-30965,Stored Cross-Site Scripting Vulnerability in Jenkins Promoted Builds Plugin,"A stored cross-site scripting vulnerability exists in the Jenkins Promoted Builds (Simple) Plugin versions 1.9 and earlier, where the name and description of Promotion Level parameters are not properly escaped on views that display these parameters. This flaw allows attackers with Item/Configure permissions to inject malicious scripts that can be executed in the context of users accessing the affected views, potentially leading to unauthorized actions or data exposure.",Jenkins,Jenkins Promoted Builds (simple) Plugin,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-05-17T14:06:45.000Z,0
CVE-2022-25202,https://securityvulnerability.io/vulnerability/CVE-2022-25202,Stored XSS Vulnerability in Jenkins Promoted Builds Plugin by CloudBees,"The Jenkins Promoted Builds (Simple) Plugin prior to version 1.9 contains a stored cross-site scripting vulnerability due to insufficient escaping of the names of custom promotion levels. Attackers with Overall/Administer permissions can exploit this flaw to inject malicious scripts that are executed when users interact with the affected elements, posing a significant security risk in managed environments.",Jenkins,Jenkins Promoted Builds (simple) Plugin,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-02-15T16:11:36.000Z,0