Description
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the SCM tag name on the tooltip for SCM tag actions, resulting in a stored XSS vulnerability exploitable by users able to control SCM tag names for these actions.
Remediation
References
Related Vulnerabilities
WordPress Cross-Site Scripting Vulnerability (3.9.3 - 4.2)
WordPress Plugin WORDPRESS VIDEO GALLERY SQL Injection (2.7)
WordPress Plugin Audio Player Cross-Site Scripting (2.0.4.5)
WordPress Plugin Elementor Pro Arbitrary File Upload (2.9.3)
WordPress Plugin Chat-Support Board-WordPress Chat Multiple SQL Injection Vulnerabilities (3.3.3)