HomeDefault status
unaffected
Any version
affected
Description
Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not escape the Applitools URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Product status
Any version
References
www.openwall.com/lists/oss-security/2025/07/09/4
www.jenkins.io/security/advisory/2025-07-09/ (Jenkins Security Advisory 2025-07-09)