{"id":"CVE-2024-28153","details":"Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability.","aliases":["GHSA-9pp4-mx6x-xh36"],"modified":"2026-04-10T05:11:55.859662Z","published":"2024-03-06T17:15:10.687Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2024/03/06/3"},{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3344"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/dependency-check-plugin","events":[{"introduced":"0"},{"fixed":"fa335fb0b6c5d262d5e48f3f88acf1cb38047ab7"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"5.4.6"}]}}],"versions":["dependency-check-jenkins-plugin-1.4.1","dependency-check-jenkins-plugin-1.4.2","dependency-check-jenkins-plugin-1.4.3","dependency-check-jenkins-plugin-1.4.4","dependency-check-jenkins-plugin-1.4.5","dependency-check-jenkins-plugin-2.0.0","dependency-check-jenkins-plugin-2.0.1","dependency-check-jenkins-plugin-2.0.1.1","dependency-check-jenkins-plugin-2.1.0","dependency-check-jenkins-plugin-2.1.1","dependency-check-jenkins-plugin-3.0.0","dependency-check-jenkins-plugin-3.0.1","dependency-check-jenkins-plugin-3.0.2","dependency-check-jenkins-plugin-3.1.0","dependency-check-jenkins-plugin-3.1.1","dependency-check-jenkins-plugin-3.1.2","dependency-check-jenkins-plugin-3.1.2.1","dependency-check-jenkins-plugin-3.2.0","dependency-check-jenkins-plugin-3.2.1","dependency-check-jenkins-plugin-3.3.0","dependency-check-jenkins-plugin-3.3.1","dependency-check-jenkins-plugin-3.3.2","dependency-check-jenkins-plugin-3.3.4","dependency-check-jenkins-plugin-4.0.0","dependency-check-jenkins-plugin-4.0.1","dependency-check-jenkins-plugin-4.0.2","dependency-check-jenkins-plugin-5.0.0","dependency-check-jenkins-plugin-5.0.1","dependency-check-jenkins-plugin-5.0.2","dependency-check-jenkins-plugin-5.1.0","dependency-check-jenkins-plugin-5.1.1","dependency-check-jenkins-plugin-5.1.2","dependency-check-jenkins-plugin-5.2.0","dependency-check-jenkins-plugin-5.2.1","dependency-check-jenkins-plugin-5.3.0","dependency-check-jenkins-plugin-5.4.0","dependency-check-jenkins-plugin-5.4.1","dependency-check-jenkins-plugin-5.4.2","dependency-check-jenkins-plugin-5.4.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28153.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}