CVE-2019-10349

MEDIUM

Jenkins Dependency Graph Viewer Plugin < 0.13 - Stored Cross-Site Scripting

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-10349. PoCs published by Ishaq Mohammed.

AI-analyzed exploit summary: This is a writeup describing a persistent XSS vulnerability in the Jenkins Dependency Graph View Plugin (v0.13). The exploit involves injecting malicious JavaScript into the 'Display Name' field, which executes when viewed in the Dependency Graph module.

Description

A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.

Exploits (1)

exploitdb WRITEUP
by Ishaq Mohammed · text · webapps · java
https://www.exploit-db.com/exploits/47111

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Jenkins Dependency Graph View Plugin v0.13
Auth required
Prerequisites: Valid Jenkins credentials · Dependency Graph View Plugin installed
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/07/11/4
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/109156

Scores

CVSS v3 5.4
EPSS 0.0075
EPSS Percentile 73.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
jenkins/dependency_graph_viewer < 0.13
org.jenkins-ci.plugins/depgraph-view 0 - 0.14 (Maven)
Published Jul 11, 2019
Tracked Since Feb 18, 2026