CVE-2024-28157
Severity: HIGH
Jenkins GitBucket Plugin <= 0.8 - Stored Cross-Site Scripting in Build Views
Title source: LLM
Exploitation Summary
EIP tracks 1 public exploit for CVE-2024-28157. PoCs published by shinigami-777.
AI-analyzed exploit summary: This PoC demonstrates a stored XSS vulnerability in Jenkins GitBucket Plugin version 0.8 and earlier. The exploit involves injecting a malicious JavaScript payload into the Gitbucket URL field during job configuration, which executes when the build view is accessed.
Description
Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.
Exploits (1)
PoC by shinigami-777: stored XSS in Jenkins GitBucket Plugin 0.8 and earlier via a malicious JavaScript payload in the Gitbucket URL field during job configuration, executed when the build view is accessed.
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H