Description
Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note."
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2022-21296 Vulnerability (CVE-2022-21296)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-7846)
WordPress Plugin Klaviyo Cross-Site Scripting (3.0.7)
WordPress Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2014-6412)
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2022-3358)