Description

Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message.

Remediation

References

CVE-2015-5326

Related Vulnerabilities

Mailman Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-43919)

WordPress Plugin Calendar by WD-Responsive Event Calendar for WordPress SQL Injection (1.5.51)

Apache Tomcat Insufficient Verification of Data Authenticity Vulnerability (CVE-2017-7674)

WordPress Plugin Seriously Simple Podcasting Cross-Site Request Forgery (2.16.0)

WordPress Plugin Article Directory Cross-Site Scripting (1.3)

Severity

Medium

Classification

CVE-2015-5326 CWE-707

Tags

Missing Update Known Vulnerabilities