Description
Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/02/12/3
https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1709
Related Vulnerabilities
CVE-2022-43426 Vulnerability in maven package io.jenkins.plugins:s3explorer
CVE-2021-23377 Vulnerability in npm package onion-oled-js
CVE-2021-41164 Vulnerability in npm package ckeditor4
CVE-2022-24999 Vulnerability in maven package org.webjars.npm:qs
CVE-2019-16942 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind