Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jenkins-ci.plugins/cvs@2.19

Type maven

Namespace org.jenkins-ci.plugins

Name cvs

Version 2.19

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.17

Latest_non_vulnerable_version 2.19.1

Affected_by_vulnerabilities

url VCID-ksdy-7k29-eya3

vulnerability_id VCID-ksdy-7k29-eya3

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-29037

reference_id

reference_type

scores

value	0.00389
scoring_system	epss
scoring_elements	0.60298
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-29037

reference_url	https://github.com/jenkinsci/cvs-plugin/commit/043ef8801a7b3fbbf778245c3c7174d21e42efe2
reference_id
reference_type
scores
url	https://github.com/jenkinsci/cvs-plugin/commit/043ef8801a7b3fbbf778245c3c7174d21e42efe2

reference_url	https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617
reference_id
reference_type
scores
url	https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-29037
reference_id	CVE-2022-29037
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-29037

reference_url

https://github.com/advisories/GHSA-ghq2-m3pq-qf3p

reference_id

GHSA-ghq2-m3pq-qf3p

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-ghq2-m3pq-qf3p

fixed_packages

url	pkg:maven/org.jenkins-ci.plugins/cvs@2.19.1
purl	pkg:maven/org.jenkins-ci.plugins/cvs@2.19.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/cvs@2.19.1

aliases CVE-2022-29037, GHSA-ghq2-m3pq-qf3p

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ksdy-7k29-eya3

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/cvs@2.19

Package Instance