Is CVE-2021-21649 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Jenkins Project Dashboard View Plugin

CVE-2021-21649

Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.

EPSS: 0.727 (99.4th percentile) — read the EPSS interpretation.

Affected products

Jenkins Project Dashboard View Plugin — versions unspecified, 2.12.1

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

www.jenkins.io/security/advisory/2021-05-11/ (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-21649?: CVE-2021-21649 is a vulnerability in Jenkins Project Dashboard View Plugin. Published 2021-05-11.
Is CVE-2021-21649 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.