Description
Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions.
Remediation
References
Related Vulnerabilities
Contao Insufficient Type Distinction Vulnerability (CVE-2025-65960)
WordPress Plugin GiveWP-Donation and Fundraising Platform Cross-Site Scripting (2.11.3)
Joomla CVE-2022-23799 Vulnerability (CVE-2022-23799)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-46148)