Description
A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/08/07/1
https://jenkins.io/security/advisory/2019-08-07/#SECURITY-142