Description
In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents.
Remediation
References