Jenkins Html Publisher — known CVE vulnerabilities
Every CVE whose affected-product data names Jenkins Html Publisher, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2026-42524 — CVSS 8.0 (high): Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site…
CVE-2024-28149 — CVSS 6.5 (medium): Jenkins HTML Publisher Plugin 1.16 through 1.32 (both inclusive) does not properly sanitize input, allowing attackers with Item/Configure…
CVE-2018-1000175 — CVSS 6.5 (medium): A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers…
CVE-2025-53651 — CVSS 6.3 (medium): Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish…
CVE-2019-10432 — CVSS 5.4 (medium): Jenkins HTML Publisher Plugin 1.20 and earlier did not escape the project and build display names in the HTML report frame, resulting in a…
CVE-2024-28150 — CVSS 4.7 (medium): Jenkins HTML Publisher Plugin 1.32 and earlier does not escape job names, report names, and index page titles shown as part of the report…
CVE-2024-28151 — CVSS 4.3 (medium): Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the…