Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports, resulting in a stored cross-site scripting (XSS) vulnerability.
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: jenkins

Published: 2022-12-07T00:00:00

Updated: 2023-10-24T14:26:37.707Z

Reserved: 2022-12-06T00:00:00


Link: CVE-2022-46684

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2022-12-12T09:15:13.027

Modified: 2022-12-12T19:16:13.727


Link: CVE-2022-46684

JSON object: View

cve-icon Redhat Information

No data.

CWE