Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-6ubx-j66h-ykh5
Summary
Jenkins HTML Publisher Plugin Stored XSS vulnerability
Jenkins HTML Publisher Plugin 1.32 and earlier does not escape job names, report names, and index page titles shown as part of the report frame, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Aliases
0
alias CVE-2024-28150
1
alias GHSA-xrrw-9j78-hpf3
Fixed_packages
0
url pkg:maven/org.jenkins-ci.plugins/htmlpublisher@1.32.1
purl pkg:maven/org.jenkins-ci.plugins/htmlpublisher@1.32.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/htmlpublisher@1.32.1
Affected_packages
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28150.json
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28150.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28150
reference_id
reference_type
scores
0
value 0.00176
scoring_system epss
scoring_elements 0.39139
published_at 2026-04-18T12:55:00Z
1
value 0.00176
scoring_system epss
scoring_elements 0.39168
published_at 2026-04-04T12:55:00Z
2
value 0.00176
scoring_system epss
scoring_elements 0.39171
published_at 2026-04-11T12:55:00Z
3
value 0.00176
scoring_system epss
scoring_elements 0.39159
published_at 2026-04-09T12:55:00Z
4
value 0.00176
scoring_system epss
scoring_elements 0.39142
published_at 2026-04-08T12:55:00Z
5
value 0.00176
scoring_system epss
scoring_elements 0.39087
published_at 2026-04-07T12:55:00Z
6
value 0.00176
scoring_system epss
scoring_elements 0.39147
published_at 2026-04-02T12:55:00Z
7
value 0.00176
scoring_system epss
scoring_elements 0.3917
published_at 2026-04-16T12:55:00Z
8
value 0.00176
scoring_system epss
scoring_elements 0.39115
published_at 2026-04-13T12:55:00Z
9
value 0.00176
scoring_system epss
scoring_elements 0.39134
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28150
2
reference_url https://github.com/jenkinsci/htmlpublisher-plugin
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/htmlpublisher-plugin
3
reference_url https://github.com/jenkinsci/htmlpublisher-plugin/commit/c0eed940e65ea90f9b5ba21aa3d953546d5cd8ad
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/htmlpublisher-plugin/commit/c0eed940e65ea90f9b5ba21aa3d953546d5cd8ad
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28150
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28150
5
reference_url https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3302
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-07T16:28:03Z/
url https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3302
6
reference_url http://www.openwall.com/lists/oss-security/2024/03/06/3
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-07T16:28:03Z/
url http://www.openwall.com/lists/oss-security/2024/03/06/3
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2268228
reference_id 2268228
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2268228
8
reference_url https://github.com/advisories/GHSA-xrrw-9j78-hpf3
reference_id GHSA-xrrw-9j78-hpf3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xrrw-9j78-hpf3
Weaknesses
0
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score 4.7 - 8.9
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ubx-j66h-ykh5