Description
A cross-site scripting vulnerability exists in Jenkins 2.145 and earlier and LTS 2.138.1 and earlier, in core/src/main/java/hudson/model/Api.java, that allows attackers to specify URLs to Jenkins that cause Jenkins to render arbitrary attacker-controlled HTML.
Remediation
References
https://jenkins.io/security/advisory/2018-10-10/#SECURITY-1129
http://www.securityfocus.com/bid/106532