Description
A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/08/07/1
https://jenkins.io/security/advisory/2019-08-07/#SECURITY-142
Related Vulnerabilities
CVE-2019-14862 Vulnerability in maven package org.webjars.npm:knockout
CVE-2022-31089 Vulnerability in npm package parse-server
CVE-2022-41254 Vulnerability in maven package org.jenkins-ci.plugins:cons3rt
CVE-2021-26296 Vulnerability in maven package org.apache.myfaces.core:myfaces-core-project
CVE-2020-17534 Vulnerability in maven package org.netbeans.html:webkit