Description

A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages.

Remediation

References

CVE-2019-10383

Related Vulnerabilities

WordPress Plugin Facebook Like Box Cross-Site Request Forgery (2.8.2)

WordPress Plugin Hustle-Pop-Ups, Slide-ins and Email Opt-ins CSV Injection (6.0.7)

WordPress 2.8.5 Multiple Vulnerabilities (2.8 - 2.8.5)

WordPress Plugin PayPal Digital Downloads Cross-Site Request Forgery (1.4)

WordPress Plugin Zoho Marketing Automation SQL Injection (1.2.7)

Severity

Medium

Classification

CVE-2019-10383 CWE-707 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities