Description
Jenkins 2.244 and earlier, and LTS 2.235.1 and earlier, do not correctly escape the 'href' attribute of links to downstream jobs displayed on the build console page, resulting in a stored cross-site scripting vulnerability.
Remediation
References