Description

Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624.

Remediation

References

CVE-2017-17383

Related Vulnerabilities

WordPress Plugin BackWPup Security Bypass (3.4.1)

WordPress Plugin Feed Them Social-for Twitter feed, Youtube and more Cross-Site Scripting (2.5.2.1)

WordPress Plugin WP Server Health Stats Malicious Code (1.7.6)

Oracle HTTP Server Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2021-4182)

WordPress Plugin Forms-Form builder and Contact form Multiple Unspecified Vulnerabilities (1.4.7)

Severity

Medium

Classification

CVE-2017-17383 CWE-707 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities