Description
A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.
Remediation
References
https://jenkins.io/security/advisory/2019-07-11/#SECURITY-1177
http://www.openwall.com/lists/oss-security/2019/07/11/4
http://packetstormsecurity.com/files/153610/Jenkins-Dependency-Graph-View-0.13-Cross-Site-Scripting.html
http://www.securityfocus.com/bid/109156
Related Vulnerabilities
CVE-2023-34614 Vulnerability in maven package cc.plural:jsonij
CVE-2019-10398 Vulnerability in maven package org.jenkins-ci.plugins:beaker-builder
CVE-2020-15096 Vulnerability in npm package electron
CVE-2023-29201 Vulnerability in maven package org.xwiki.commons:xwiki-commons-xml
CVE-2019-16560 Vulnerability in maven package org.jenkins-ci.plugins:websphere-deployer