Description
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability.
Remediation
References
Related Vulnerabilities
OpenSSL Improper Certificate Validation Vulnerability (CVE-2023-0465)
WordPress Plugin Divi Builder Cross-Site Scripting (2.17.2)
WordPress Plugin s2member Secure File Browser Cross-Site Scripting (0.4.16)
WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.15)
PrestaShop Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-8823)