Description
A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/08/07/1
https://jenkins.io/security/advisory/2019-08-07/#SECURITY-142
Related Vulnerabilities
CVE-2019-10425 Vulnerability in maven package org.jvnet.hudson.plugins:gcal
CVE-2023-45133 Vulnerability in npm package babel-traverse
CVE-2023-47321 Vulnerability in maven package org.silverpeas.core:silverpeas-core-web
CVE-2019-10339 Vulnerability in maven package org.jenkins-ci.plugins:jx-resources
CVE-2023-34616 Vulnerability in maven package com.progsbase.libraries:json