Skip to main content

Owasp Dependency Check

3 CVEs product

Monthly

CVE-2024-28153 Maven MEDIUM PATCH This Month

Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Owasp Dependency Check
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-43577 Maven HIGH PATCH This Week

Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Owasp Dependency Check
NVD
CVSS 3.1
7.1
EPSS
1.0%
CVE-2017-1000109 Maven MEDIUM PATCH This Month

The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Owasp Dependency Check
NVD
CVSS 3.0
6.1
EPSS
0.1%
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Owasp Dependency Check
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Owasp Dependency Check
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Owasp Dependency Check
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy