Description
Jenkins 2.274 and earlier, and LTS 2.263.1 and earlier, do not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability.
Remediation
References