Description
Jenkins 2.251 and earlier, and LTS 2.235.3 and earlier, do not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission.
Remediation
References
Related Vulnerabilities
Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-1000484)
WordPress Plugin Fathom Analytics Cross-Site Scripting (3.0.4)
WordPress Plugin Social Sharing-Sassy Social Share Cross-Site Scripting (3.3.44)
WordPress Plugin Disable Comments Cross-Site Request Forgery (1.0.3)