Description
Affected versions: Jenkins 2.88 and earlier; 2.73.2 and earlier. Autocompletion suggestions for text fields were not escaped. This resulted in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters such as less-than and greater-than characters.
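The escaping gap described above, shown as an added example. This is a generic illustration of suggestion rendering, not Jenkins source code; all function names and the sample suggestion list are constructed for the example.

```javascript
// Added example: generic suggestion rendering, not Jenkins code.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Replace every HTML metacharacter with its entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: stored suggestion text is concatenated into markup as-is.
function renderSuggestionsUnescaped(suggestions) {
  return "<ul>" + suggestions.map((s) => "<li>" + s + "</li>").join("") + "</ul>";
}

// Hardened pattern: every suggestion is escaped before it reaches markup.
function renderSuggestionsEscaped(suggestions) {
  return "<ul>" + suggestions.map((s) => "<li>" + escapeHtml(s) + "</li>").join("") + "</ul>";
}

// Review check: the list skeleton is one <ul> pair plus one <li> pair per item.
// Any other tag count means suggestion text was parsed as markup.
function hasInjectedMarkup(html, itemCount) {
  const tags = html.match(/<[^>]*>/g) || [];
  return tags.length !== 2 + 2 * itemCount;
}

// Constructed sample: names a user could have stored in the suggestion source.
const storedNames = [
  "nightly-build",
  "release & deploy",
  "docs<img src=x onerror=alert(1)>",
];

console.log("unescaped:", renderSuggestionsUnescaped(storedNames));
console.log("escaped:  ", renderSuggestionsEscaped(storedNames));
console.log("unescaped output carries extra markup:",
  hasInjectedMarkup(renderSuggestionsUnescaped(storedNames), storedNames.length));
console.log("escaped output carries extra markup:",
  hasInjectedMarkup(renderSuggestionsEscaped(storedNames), storedNames.length));
```

In a browser, assigning the suggestion to `textContent` instead of building an HTML string gives the same protection without a hand-written escaper.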
Remediation
References