Description
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability.
Remediation
References
Related Vulnerabilities
WordPress Plugin Integration for Contact Form 7 and ActiveCampaign Cross-Site Scripting (1.0.3)
WordPress Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-17670)
WordPress Plugin WP Human Resource Management Security Bypass (2.2.14)
WordPress Plugin Download Manager Arbitrary File Deletion (3.2.50)