PT-2026-35918 · Jenkins · Html Publisher Plugin+1

Published

2026-04-29

Updated

2026-05-05

CVE-2026-42524

CVSS v3.1

8.0

High

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Jenkins HTML Publisher Plugin versions prior to 428

Description Stored cross-site scripting (XSS) occurs because the legacy wrapper file fails to escape the job name and URL. This allows attackers with Item/Configure permissions to execute malicious scripts.

Recommendations Update to a version later than 427.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2026-42524

GHSA-F8H4-46XV-H7JJ

Affected Products

Html Publisher Plugin

Jenkins

PT-2026-35918 · Jenkins · Html Publisher Plugin+1

CVE-2026-42524

Weakness Enumeration

Related Identifiers

Affected Products

References · 7