CVE-2021-21649

MEDIUM

Jenkins Dashboard View Plugin < 2.15 - Stored Cross-Site Scripting via Image Dashboard Portlet URL

Title source: llm
STIX 2.1

Description

Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.

References (1)

Core 1
Core References

Scores

CVSS v3 5.4
EPSS 0.0019
EPSS Percentile 40.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
jenkins/dashboard_view < 2.15
org.jenkins-ci.plugins/dashboard-view 2.13 - 2.16Maven
Published May 11, 2021
Tracked Since Feb 18, 2026