{"id":"CVE-2025-47885","details":"Jenkins Health Advisor by CloudBees Plugin 374.v194b_d4f0c8c8 and earlier does not escape responses from the Jenkins Health Advisor server, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Jenkins Health Advisor server responses.","aliases":["GHSA-xrpq-4g9w-qrwj"],"modified":"2026-04-10T05:27:40.788504Z","published":"2025-05-14T21:15:59.483Z","references":[{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2025-05-14/#SECURITY-3559"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/cloudbees-jenkins-advisor-plugin","events":[{"introduced":"0"},{"last_affected":"194bd4f0c8c86aab1ac1ea1316d7ca450f1fffef"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"374.v194b_d4f0c8c8"}]}}],"versions":["326.v1821e6a_85e3f","336.v4d00382fe22c","340.v336f61c216f6","358.v58972d19b_1f0","374.v194b_d4f0c8c8","cloudbees-jenkins-advisor-1.0","cloudbees-jenkins-advisor-1.1","cloudbees-jenkins-advisor-1.2","cloudbees-jenkins-advisor-1.3","cloudbees-jenkins-advisor-1.4","cloudbees-jenkins-advisor-1.5","cloudbees-jenkins-advisor-2.10","cloudbees-jenkins-advisor-2.11","cloudbees-jenkins-advisor-3.0","cloudbees-jenkins-advisor-3.1.0","cloudbees-jenkins-advisor-3.2.0","cloudbees-jenkins-advisor-3.2.2","cloudbees-jenkins-advisor-3.2.3","cloudbees-jenkins-advisor-3.2.4","cloudbees-jenkins-advisor-3.2.5","cloudbees-jenkins-advisor-3.3.0","cloudbees-jenkins-advisor-3.3.1","cloudbees-jenkins-advisor-3.3.2","cloudbees-jenkins-advisor-3.3.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-47885.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}