Description
The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names.
Remediation
References