Description
Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors.
Remediation
References
http://osvdb.org/92982
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb
https://exchange.xforce.ibmcloud.com/vulnerabilities/84004
Related Vulnerabilities
CVE-2022-36094 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates
CVE-2023-25500 Vulnerability in maven package com.vaadin:vaadin
CVE-2021-23387 Vulnerability in npm package trailing-slash
CVE-2023-33201 Vulnerability in maven package org.bouncycastle:bcprov-debug-jdk14
CVE-2022-25881 Vulnerability in maven package org.webjars.npm:http-cache-semantics