Description
Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulnerability.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/06/03/3
https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1726
Related Vulnerabilities
CVE-2020-24616 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2022-36897 Vulnerability in maven package com.compuware.jenkins:compuware-xpediter-code-coverage
CVE-2021-39177 Vulnerability in maven package org.geysermc:connector
CVE-2022-39350 Vulnerability in npm package @dependencytrack/frontend