CVE-2022-34790

Name of the Vulnerable Software and Affected Versions Jenkins eXtreme Feedback Panel Plugin versions 2.0.1 and earlier

Description The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the job names used in tooltips are not properly escaped, allowing attackers with Item/Configure permission to exploit this weakness.

Recommendations For Jenkins eXtreme Feedback Panel Plugin versions 2.0.1 and earlier, update to a version that properly escapes job names in tooltips to prevent stored XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.