Description
A reflected cross-site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.6 and earlier allowed attackers able to control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in job configuration forms containing post-build steps provided by this plugin.
Remediation
References
https://jenkins.io/security/advisory/2019-06-11/#SECURITY-1420
http://www.openwall.com/lists/oss-security/2019/06/11/1
http://www.securityfocus.com/bid/108747
Related Vulnerabilities
CVE-2021-31411 Vulnerability in maven package com.vaadin:flow-server
CVE-2023-46659 Vulnerability in maven package org.jenkins-ci.plugins:trac
CVE-2020-2262 Vulnerability in maven package org.jenkins-ci.plugins:android-lint
CVE-2023-24444 Vulnerability in maven package org.jenkins-ci.plugins:openid
CVE-2021-44878 Vulnerability in maven package org.pac4j:pac4j-core