Description
Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability.
Remediation
References
https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1676
http://www.openwall.com/lists/oss-security/2020/03/25/2
Related Vulnerabilities
CVE-2023-1370 Vulnerability in maven package net.minidev:json-smart
CVE-2023-25762 Vulnerability in maven package org.jenkins-ci.plugins:pipeline-build-step
CVE-2020-17527 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2019-1354 Vulnerability in npm package nodegit
CVE-2023-32071 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates