Description
Affects Jenkins 2.88 and earlier, and 2.73.2 and earlier. Autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters such as less-than and greater-than characters.
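The flaw described above, shown as an added example that is not Jenkins code: a suggestion renderer that concatenates raw text into markup, beside one that escapes every piece while still highlighting the typed text. All function names and the sample data are hypothetical.

```javascript
// Added illustration; not Jenkins code. All names here are hypothetical.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode HTML metacharacters so the value is rendered as text, never parsed as markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Flawed pattern: suggestion text is concatenated into markup unescaped.
function renderSuggestionsUnescaped(suggestions) {
  return "<ul>" + suggestions.map((s) => "<li>" + s + "</li>").join("") + "</ul>";
}

// Corrected pattern: split each suggestion around the typed text first, then
// escape every piece separately, so the only markup emitted is the <li>/<b> we add.
function renderSuggestionsEscaped(suggestions, typed) {
  const needle = String(typed).toLowerCase();
  const items = suggestions.map((raw) => {
    const s = String(raw);
    const at = needle ? s.toLowerCase().indexOf(needle) : -1;
    if (at < 0) return "<li>" + escapeHtml(s) + "</li>";
    const end = at + needle.length;
    return "<li>" + escapeHtml(s.slice(0, at)) +
      "<b>" + escapeHtml(s.slice(at, end)) + "</b>" +
      escapeHtml(s.slice(end)) + "</li>";
  });
  return "<ul>" + items.join("") + "</ul>";
}

// Constructed sample data: the second name contains HTML metacharacters.
const SAMPLE_SUGGESTIONS = ["build-main", "build-<b>nightly</b> & docs"];
```

Escaping after the split matters: escaping the whole string first and then searching it for the typed text would shift offsets and could cut an entity such as `&lt;` in half.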
Remediation
References
https://jenkins.io/security/advisory/2017-11-08/
http://www.securityfocus.com/bid/102826
http://www.securityfocus.com/bid/101773
Related Vulnerabilities
CVE-2022-45208 Vulnerability in maven package org.jeecgframework.boot:jeecg-module-system
CVE-2021-21181 Vulnerability in npm package electron
CVE-2017-15685 Vulnerability in maven package org.craftercms:crafter-studio
CVE-2022-41229 Vulnerability in maven package io.jenkins.plugins:cavisson-ns-nd-integration
CVE-2023-34054 Vulnerability in maven package io.projectreactor.netty:reactor-netty-http