Description
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/03/25/2
https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1796
Related Vulnerabilities
CVE-2022-2466 Vulnerability in maven package io.quarkus:quarkus-smallrye-graphql
CVE-2019-3888 Vulnerability in maven package io.undertow:undertow-core
CVE-2019-10241 Vulnerability in maven package org.eclipse.jetty.aggregate:jetty-all
CVE-2020-4038 Vulnerability in npm package graphql-playground-html
CVE-2022-31147 Vulnerability in maven package org.webjars:jquery-validation