Description
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape display names and IDs of item types shown on the New Item page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to specify display names or IDs of item types.
Remediation
References
Related Vulnerabilities
WordPress Plugin wp-mpdf Cross-Site Request Forgery (3.5.1)
WordPress Plugin PDF & Print Button Joliprint Multiple Cross-Site Scripting Vulnerabilities (1.3.0)
Moodle Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-36400)
WordPress Plugin Sell Downloads Unspecified Vulnerability (1.0.85)