Description
Jenkins 2.251 and earlier, and LTS 2.235.3 and earlier, do not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability.
Remediation
References