Description
Jenkins VncViewer Plugin 1.7 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.
Remediation
References
https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1776
http://www.openwall.com/lists/oss-security/2020/07/02/7
Related Vulnerabilities
CVE-2022-24814 Vulnerability in npm package directus
CVE-2018-10899 Vulnerability in maven package org.jolokia:jolokia-core
CVE-2023-34235 Vulnerability in npm package @strapi/utils
CVE-2022-23619 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web
CVE-2022-43427 Vulnerability in maven package com.compuware.jenkins:compuware-topaz-for-total-test