Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

http://osvdb.org/92982

http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb

https://exchange.xforce.ibmcloud.com/vulnerabilities/84004

Related Vulnerabilities

CVE-2017-9802 Vulnerability in maven package org.apache.sling:org.apache.sling.servlets.post

CVE-2018-6341 Vulnerability in npm package vue

CVE-2015-7559 Vulnerability in maven package org.apache.activemq:activemq-core

CVE-2020-8203 Vulnerability in npm package @sailshq/lodash

CVE-2022-23622 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates

Severity

Critical

Classification

CWE-79

Tags

Broken Link Vendor Advisory VDB Entry