Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.

Remediation

References

CVE-2015-7536

Related Vulnerabilities

WordPress Plugin Contact Bank-Contact Form Builder for WordPress Unspecified Vulnerability (2.1.26)

Internet Information Services Other Vulnerability (CVE-2002-0079)

Axway Secure Transport Improper Restriction of XML External Entity Reference Vulnerability (CVE-2019-14277)

PHP Improper Input Validation Vulnerability (CVE-2014-3487)

WordPress Plugin Comment Highlighter SQL Injection (0.13)

Severity

Medium

Classification

CVE-2015-7536 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities