Description
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/03/15/2
https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2232
Related Vulnerabilities
CVE-2019-20921 Vulnerability in maven package org.webjars.bower:bootstrap-select
CVE-2021-46320 Vulnerability in npm package @openzeppelin/contracts
CVE-2022-23505 Vulnerability in npm package passport-wsfed-saml2
CVE-2020-7687 Vulnerability in npm package fast-http
CVE-2019-16775 Vulnerability in maven package org.webjars.bower:npm