Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control affected fields.

Affected Packages

Maven org.jenkins-ci.plugins:email-ext

Affected versions: 0 (fixed in 2.94)

Related CVEs

CVE-2023-25763

Key Information

GHSA ID

GHSA-h97r-fchm-m23x

Published

February 15, 2023 3:30 PM

Last Modified

February 23, 2023 9:31 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.plugins:email-ext

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 5, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.