Description
Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors.
Remediation
References
http://osvdb.org/92982
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb
https://exchange.xforce.ibmcloud.com/vulnerabilities/84004
Related Vulnerabilities
CVE-2023-24444 Vulnerability in maven package org.jenkins-ci.plugins:openid
CVE-2023-2850 Vulnerability in npm package nodebb
CVE-2021-41184 Vulnerability in maven package org.webjars.npm:jquery-ui
CVE-2022-1466 Vulnerability in maven package org.keycloak:keycloak-core
CVE-2019-10306 Vulnerability in maven package org.jenkins-ci.plugins:ontrack