Description
A cross-site scripting vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/Api.java that allows attackers to specify URLs to Jenkins that result in rendering arbitrary attacker-controlled HTML by Jenkins.
Remediation
References
Related Vulnerabilities
WordPress Plugin EditorMonkey Remote File Upload (2.5)
WordPress Plugin Sermon Browser Multiple Cross-Site Scripting Vulnerabilities (0.45.15)
Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-4476)
WordPress Plugin Contact Form Entries-Contact Form 7, WPforms and more Cross-Site Scripting (1.1.5)