Description
A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.
Remediation
References
http://packetstormsecurity.com/files/153610/Jenkins-Dependency-Graph-View-0.13-Cross-Site-Scripting.html
http://www.openwall.com/lists/oss-security/2019/07/11/4
http://www.securityfocus.com/bid/109156
https://jenkins.io/security/advisory/2019-07-11/#SECURITY-1177
Related Vulnerabilities
CVE-2020-15999 Vulnerability in maven package org.webjars.npm:electron
CVE-2016-8749 Vulnerability in maven package org.apache.camel:camel-jackson
CVE-2021-21696 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-46496 Vulnerability in npm package @evershop/evershop
CVE-2020-17518 Vulnerability in maven package org.apache.flink:flink-runtime_2.11