Description
The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names.
Remediation
References