Description
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission.
Remediation
References
Related Vulnerabilities
WordPress Plugin Google XML Sitemaps Cross-Site Scripting (4.0.9)
WordPress Plugin weForms-Easy Drag & Drop Contact Form Builder For WordPress CSV Injection (1.4.7)
phpMyAdmin CVE-2013-3238 Vulnerability (CVE-2013-3238)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1155)