Description
Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624.
Remediation
References