Description
Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors.
Remediation
References
http://osvdb.org/92982
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb
https://exchange.xforce.ibmcloud.com/vulnerabilities/84004
Related Vulnerabilities
CVE-2017-9802 Vulnerability in maven package org.apache.sling:org.apache.sling.servlets.post
CVE-2018-6341 Vulnerability in npm package vue
CVE-2015-7559 Vulnerability in maven package org.apache.activemq:activemq-core
CVE-2020-8203 Vulnerability in npm package @sailshq/lodash
CVE-2022-23622 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates