Description
A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other user performs some UI actions.
Remediation
References
Related Vulnerabilities
Internet Information Services Other Vulnerability (CVE-2000-0770)
WordPress Plugin Contact Form Submissions SQL Injection (1.6.4)
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-43953)
WordPress Plugin Contact Form 7 Style Cross-Site Request Forgery (3.2)
Django Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-0472)