cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-30965,https://securityvulnerability.io/vulnerability/CVE-2022-30965,Stored Cross-Site Scripting Vulnerability in Jenkins Promoted Builds Plugin,"A stored cross-site scripting vulnerability exists in the Jenkins Promoted Builds (Simple) Plugin versions 1.9 and earlier, where the name and description of Promotion Level parameters are not properly escaped on views that display these parameters. This flaw allows attackers with Item/Configure permissions to inject malicious scripts that can be executed in the context of users accessing the affected views, potentially leading to unauthorized actions or data exposure.",Jenkins,Jenkins Promoted Builds (simple) Plugin,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-05-17T14:06:45.000Z,0
CVE-2022-29049,https://securityvulnerability.io/vulnerability/CVE-2022-29049,Insufficient Name Validation in Jenkins Promoted Builds Plugin by CloudBees,"The Jenkins Promoted Builds Plugin, specifically versions 873.v6149db_d64130 and earlier (excluding version 3.10.1), lacks proper validation for promotion names defined in Job DSL. This vulnerability enables attackers with Job/Configure permissions to craft promotions with arbitrary and potentially dangerous names, creating opportunities for malicious actions within the Jenkins environment.",Jenkins,Jenkins Promoted Builds Plugin,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-04-12T00:00:00.000Z,0
CVE-2022-29045,https://securityvulnerability.io/vulnerability/CVE-2022-29045,Stored Cross-Site Scripting Vulnerability in Jenkins Promoted Builds Plugin,"The Jenkins Promoted Builds Plugin, specifically versions 873.v6149db_d64130 and earlier, is susceptible to a stored cross-site scripting vulnerability. This issue arises due to the plugin's failure to properly escape the name and description fields of Promoted Build parameters on views where these parameters are displayed. As a result, attackers with Item/Configure permissions could exploit this vulnerability to inject malicious scripts, leading to potential risks such as unauthorized access and data manipulation.",Jenkins,Jenkins Promoted Builds Plugin,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-04-12T00:00:00.000Z,0
CVE-2022-25202,https://securityvulnerability.io/vulnerability/CVE-2022-25202,Stored XSS Vulnerability in Jenkins Promoted Builds Plugin by CloudBees,"The Jenkins Promoted Builds (Simple) Plugin prior to version 1.9 contains a stored cross-site scripting vulnerability due to insufficient escaping of the names of custom promotion levels. Attackers with Overall/Administer permissions can exploit this flaw to inject malicious scripts that are executed when users interact with the affected elements, posing a significant security risk in managed environments.",Jenkins,Jenkins Promoted Builds (simple) Plugin,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-02-15T16:11:36.000Z,0
CVE-2021-21641,https://securityvulnerability.io/vulnerability/CVE-2021-21641,,A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to promote builds.,Jenkins,Jenkins Promoted Builds Plugin,4.3,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2021-04-07T13:50:15.000Z,0