Description
A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.
Remediation
References
http://packetstormsecurity.com/files/153610/Jenkins-Dependency-Graph-View-0.13-Cross-Site-Scripting.html
http://www.openwall.com/lists/oss-security/2019/07/11/4
http://www.securityfocus.com/bid/109156
https://jenkins.io/security/advisory/2019-07-11/#SECURITY-1177
Related Vulnerabilities
CVE-2020-28472 Vulnerability in maven package org.webjars.npm:aws-sdk
CVE-2016-10523 Vulnerability in npm package mqtt-packet
CVE-2018-1000616 Vulnerability in maven package org.onosproject:onos-cli
CVE-2021-37695 Vulnerability in maven package org.webjars.bowergithub.ckeditor:ckeditor4
CVE-2020-7660 Vulnerability in maven package org.webjars.npm:serialize-javascript