Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not escape the Applitools URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Jenkins |
|
No data.
References
History
Fri, 18 Jul 2025 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Jenkins
Jenkins applitools Eyes |
|
| CPEs | cpe:2.3:a:jenkins:applitools_eyes:*:*:*:*:*:jenkins:*:* | |
| Vendors & Products |
Jenkins
Jenkins applitools Eyes |
Wed, 09 Jul 2025 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-79 | |
| Metrics |
cvssV3_1
|
Wed, 09 Jul 2025 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not escape the Applitools URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: jenkins
Published: 2025-07-09T15:39:31.371Z
Updated: 2025-07-09T19:15:05.444Z
Reserved: 2025-07-08T07:51:59.762Z
Link: CVE-2025-53658
Vulnrichment
Updated: 2025-07-09T18:49:59.660Z
NVD
Status : Analyzed
Published: 2025-07-09T16:15:25.237
Modified: 2025-07-18T17:37:19.640
Link: CVE-2025-53658
Redhat
No data.