CVE-2025-53658 Information

Description

Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not escape the Applitools URL on the build page resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Reference

https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3509

Related CNNVD

CNNVD-202507-1321 (Published: 2025-07-09)