Description
Jenkins 2.227 and earlier, and LTS 2.204.5 and earlier, do not properly escape node labels that are shown in the form validation for label expressions on job configuration pages. This results in a stored XSS vulnerability exploitable by users who are able to define node labels.
Remediation
References