Description
A persisted cross-site scripting vulnerability exists in various Jelly files of Jenkins Groovy Postbuild Plugin 2.3.1 and older. It allows attackers who are able to control build badge content to define JavaScript that would be executed in another user's browser when that user performs some UI actions.
Remediation
References
https://jenkins.io/security/advisory/2018-05-09/#SECURITY-821