Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jenkins-ci.plugins/htmlpublisher@1.32.1
Type maven
Namespace org.jenkins-ci.plugins
Name htmlpublisher
Version 1.32.1
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 427
Latest_non_vulnerable_version 427.1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-cq6b-54af-v3b8
vulnerability_id VCID-cq6b-54af-v3b8
summary
Jenkins HTML Publisher Plugin Stored XSS vulnerability
Jenkins HTML Publisher Plugin 1.32 and earlier does not escape job names, report names, and index page titles shown as part of the report frame, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28150.json
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28150.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28150
reference_id
reference_type
scores
0
value 0.00176
scoring_system epss
scoring_elements 0.38901
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28150
2
reference_url https://github.com/jenkinsci/htmlpublisher-plugin
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/htmlpublisher-plugin
3
reference_url https://github.com/jenkinsci/htmlpublisher-plugin/commit/c0eed940e65ea90f9b5ba21aa3d953546d5cd8ad
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/htmlpublisher-plugin/commit/c0eed940e65ea90f9b5ba21aa3d953546d5cd8ad
4
reference_url https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3302
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-07T16:28:03Z/
url https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3302
5
reference_url http://www.openwall.com/lists/oss-security/2024/03/06/3
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-07T16:28:03Z/
url http://www.openwall.com/lists/oss-security/2024/03/06/3
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2268228
reference_id 2268228
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2268228
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28150
reference_id CVE-2024-28150
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28150
8
reference_url https://github.com/advisories/GHSA-xrrw-9j78-hpf3
reference_id GHSA-xrrw-9j78-hpf3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xrrw-9j78-hpf3
fixed_packages
0
url pkg:maven/org.jenkins-ci.plugins/htmlpublisher@1.32.1
purl pkg:maven/org.jenkins-ci.plugins/htmlpublisher@1.32.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/htmlpublisher@1.32.1
aliases CVE-2024-28150, GHSA-xrrw-9j78-hpf3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cq6b-54af-v3b8
1
url VCID-dhzd-zfwn-7ude
vulnerability_id VCID-dhzd-zfwn-7ude
summary
Jenkins HTML Publisher Plugin Path traversal vulnerability
Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to determine whether a path on the Jenkins controller file system exists, without being able to access it.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28151.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28151.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28151
reference_id
reference_type
scores
0
value 0.00209
scoring_system epss
scoring_elements 0.43402
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28151
2
reference_url https://github.com/jenkinsci/htmlpublisher-plugin
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/htmlpublisher-plugin
3
reference_url https://github.com/jenkinsci/htmlpublisher-plugin/commit/6b840248dd0d691bbac9b515cd750b3f925909b2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/htmlpublisher-plugin/commit/6b840248dd0d691bbac9b515cd750b3f925909b2
4
reference_url https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3303
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-07T16:34:15Z/
url https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3303
5
reference_url http://www.openwall.com/lists/oss-security/2024/03/06/3
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-07T16:34:15Z/
url http://www.openwall.com/lists/oss-security/2024/03/06/3
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2268229
reference_id 2268229
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2268229
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28151
reference_id CVE-2024-28151
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28151
8
reference_url https://github.com/advisories/GHSA-478x-m3mx-7j3f
reference_id GHSA-478x-m3mx-7j3f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-478x-m3mx-7j3f
fixed_packages
0
url pkg:maven/org.jenkins-ci.plugins/htmlpublisher@1.32.1
purl pkg:maven/org.jenkins-ci.plugins/htmlpublisher@1.32.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/htmlpublisher@1.32.1
aliases CVE-2024-28151, GHSA-478x-m3mx-7j3f
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dhzd-zfwn-7ude
2
url VCID-zz82-g28g-q3gy
vulnerability_id VCID-zz82-g28g-q3gy
summary
Jenkins HTML Publisher Plugin does not properly sanitize input
Jenkins HTML Publisher Plugin 1.16 through 1.32 (both inclusive) does not properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting (XSS) attacks and to determine whether a path on the Jenkins controller file system exists.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28149.json
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28149.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28149
reference_id
reference_type
scores
0
value 0.00133
scoring_system epss
scoring_elements 0.32508
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28149
2
reference_url https://github.com/jenkinsci/htmlpublisher-plugin
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/htmlpublisher-plugin
3
reference_url https://github.com/jenkinsci/htmlpublisher-plugin/commit/8bf2e2297a86ad50f7567fb953b2f8ec18b2891b
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/htmlpublisher-plugin/commit/8bf2e2297a86ad50f7567fb953b2f8ec18b2891b
4
reference_url https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-07T18:49:19Z/
url https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301
5
reference_url http://www.openwall.com/lists/oss-security/2024/03/06/3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-07T18:49:19Z/
url http://www.openwall.com/lists/oss-security/2024/03/06/3
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2268227
reference_id 2268227
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2268227
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28149
reference_id CVE-2024-28149
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28149
8
reference_url https://github.com/advisories/GHSA-8vcg-v7g4-3vr7
reference_id GHSA-8vcg-v7g4-3vr7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8vcg-v7g4-3vr7
9
reference_url https://access.redhat.com/errata/RHSA-2024:3634
reference_id RHSA-2024:3634
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3634
10
reference_url https://access.redhat.com/errata/RHSA-2024:3635
reference_id RHSA-2024:3635
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3635
11
reference_url https://access.redhat.com/errata/RHSA-2024:3636
reference_id RHSA-2024:3636
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3636
12
reference_url https://access.redhat.com/errata/RHSA-2024:4597
reference_id RHSA-2024:4597
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4597
fixed_packages
0
url pkg:maven/org.jenkins-ci.plugins/htmlpublisher@1.32.1
purl pkg:maven/org.jenkins-ci.plugins/htmlpublisher@1.32.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/htmlpublisher@1.32.1
aliases CVE-2024-28149, GHSA-8vcg-v7g4-3vr7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zz82-g28g-q3gy
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/htmlpublisher@1.32.1