Description
The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names.
Remediation
References
Related Vulnerabilities
WordPress Plugin Pinterest 'Pin It' Button Cross-Site Scripting (2.0.8)
WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk Cross-Site Scripting (5.127.3)
Liferay DXP Other Vulnerability (CVE-2024-26270)
WordPress Plugin Juiz Social Post Sharer Multiple Cross-Site Scripting Vulnerabilities (1.3.3.7)