Description

Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message.

Remediation

References

CVE-2015-5326

Related Vulnerabilities

WordPress Plugin Google Analytics Dashboard SQL Injection (2.0.4)

phpMyFAQ Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-29196)

WordPress Plugin Images Slideshow by 2J-Image Slider Security Bypass (1.3.31)

LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17003)

PostgreSQL Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2014-8161)

Severity

Medium

Classification

CVE-2015-5326 CWE-707

Tags

Missing Update Known Vulnerabilities