cvedb.io
CVE-2025-5806
HIGH · CVSS 8
EPSS exploitation probability: 0%
Published 2025-06-06T14:15:23.323 · Last modified 2026-06-17T09:48:47.327

Summary

Jenkins Gatling Plugin 136.vb_9009b_3d33a_e serves Gatling reports in a manner that bypasses the Content-Security-Policy protection introduced in Jenkins 1.641 and 1.625, resulting in a cross-site scripting (XSS) vulnerability exploitable by users able to change report content.

Affected products

jenkins — gatling

Does this affect you?

Add your gear to cvedb and we'll alert you only when jenkins ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.