Description
A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI.
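A mitigation for this class of bug is to allowlist the URL scheme of every link target before the formatter output reaches the page. The following is an added example, not the plugin's code or its actual fix; the function names, the allowed scheme set and the sample inputs are assumptions made for illustration.

```javascript
// Added example: scheme allowlist for link targets in rendered markup.
// All names below are hypothetical; they are not part of Jenkins or the plugin.
const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto']);

// Return the lowercase scheme a browser would see, or null for a relative URL.
// Mirrors WHATWG URL preprocessing: leading/trailing C0 controls and spaces
// are trimmed, and ASCII tab/CR/LF are removed anywhere in the string.
// The input must be the attribute value after HTML entity decoding.
function linkScheme(href) {
  const cleaned = String(href)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '')
    .replace(/[\t\n\r]/g, '');
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  return m ? m[1].toLowerCase() : null;
}

// Relative URLs pass; absolute URLs pass only with an allowlisted scheme.
function isSafeLinkTarget(href) {
  const scheme = linkScheme(href);
  return scheme === null || ALLOWED_SCHEMES.has(scheme);
}

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Render one link; a rejected target degrades to plain escaped text.
function renderLink(text, href) {
  if (!isSafeLinkTarget(href)) return escapeHtml(text);
  return `<a href="${escapeHtml(href)}" rel="noopener noreferrer">` +
         `${escapeHtml(text)}</a>`;
}

// Constructed sample targets, including case and whitespace variants.
const samples = [
  'https://ci.example/job/1',
  '/job/build/lastSuccessfulBuild',
  'javascript:void(0)',
  ' JaVaScRiPt:void(0)',
  'java\tscript:void(0)',
  'data:text/html,x',
];
for (const href of samples) {
  console.log(JSON.stringify(href), '->', isSafeLinkTarget(href));
}
```

Comparing the raw string against a blocklist such as `startsWith('javascript:')` misses the mixed-case and embedded-tab variants shown in the samples, which is why the check normalizes first and fails closed on any unlisted scheme.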
Remediation
References
https://jenkins.io/security/advisory/2019-08-07/#SECURITY-142
http://www.openwall.com/lists/oss-security/2019/08/07/1
Related Vulnerabilities
CVE-2016-0785 Vulnerability in maven package org.apache.struts.xwork:xwork-core
CVE-2022-45392 Vulnerability in maven package io.jenkins.plugins:cavisson-ns-nd-integration
CVE-2021-32050 Vulnerability in npm package mongodb
CVE-2023-32069 Vulnerability in maven package org.xwiki.platform:xwiki-platform-xclass-ui
CVE-2021-22047 Vulnerability in maven package org.springframework.data:spring-data-rest-core