Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

http://osvdb.org/92982

http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb

https://exchange.xforce.ibmcloud.com/vulnerabilities/84004

Related Vulnerabilities

CVE-2020-16042 Vulnerability in maven package org.webjars.npm:electron

CVE-2023-49620 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-api

CVE-2015-3269 Vulnerability in maven package org.apache.flex.blazeds:flex-messaging-core

CVE-2015-5349 Vulnerability in maven package org.apache.directory.studio:org.apache.directory.studio.plugins-parent

CVE-2023-42277 Vulnerability in maven package cn.hutool:hutool-json

Severity

Critical

Classification

CWE-79

Tags

Broken Link Vendor Advisory VDB Entry