Jenkins Edgewall Trac Plugin 1.13 Stored XSS via Unescaped Trac URL
CVE-2023-46659 Published on October 25, 2023

Jenkins Edgewall Trac Plugin 1.13 and earlier does not escape the Trac website URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Vendor Advisory NVD

Products Associated with CVE-2023-46659

Want to know whenever a new CVE is published for Jenkins Edgewall Trac? stack.watch will email you.

Jenkins Edgewall Trac

Affected Versions

Jenkins Project Jenkins Edgewall Trac Plugin:

Before and including 1.13 is affected.

Exploit Probability

EPSS

0.91%

Percentile

75.55%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Jenkins Edgewall Trac Plugin 1.13 Stored XSS via Unescaped Trac URLCVE-2023-46659 Published on October 25, 2023

Products Associated with CVE-2023-46659

Affected Versions

Exploit Probability

Jenkins Edgewall Trac Plugin 1.13 Stored XSS via Unescaped Trac URL
CVE-2023-46659 Published on October 25, 2023