Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

http://osvdb.org/92982

http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb

https://exchange.xforce.ibmcloud.com/vulnerabilities/84004

Related Vulnerabilities

CVE-2023-33000 Vulnerability in maven package io.jenkins.plugins:cavisson-ns-nd-integration

CVE-2022-25869 Vulnerability in npm package angular

CVE-2021-23429 Vulnerability in npm package transpile

CVE-2023-39532 Vulnerability in npm package ses

CVE-2020-2181 Vulnerability in maven package org.jenkins-ci.plugins:credentials-binding

Severity

Critical

Classification

CWE-79

Tags

Broken Link Vendor Advisory VDB Entry