Description
A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript
Remediation
References
https://jenkins.io/security/advisory/2018-02-26/#SECURITY-731
Related Vulnerabilities
CVE-2018-1000147 Vulnerability in maven package org.jvnet.hudson.plugins:perforce
CVE-2017-3523 Vulnerability in maven package mysql:mysql-connector-java
CVE-2021-21688 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2019-14838 Vulnerability in maven package org.wildfly.core:wildfly-host-controller
CVE-2017-15703 Vulnerability in maven package org.apache.nifi:nifi-update-attribute-model