Description
Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624.
Remediation
References
Related Vulnerabilities
WordPress Plugin BackWPup Security Bypass (3.4.1)
WordPress Plugin Feed Them Social-for Twitter feed, Youtube and more Cross-Site Scripting (2.5.2.1)
WordPress Plugin WP Server Health Stats Malicious Code (1.7.6)
WordPress Plugin Forms-Form builder and Contact form Multiple Unspecified Vulnerabilities (1.4.7)