Description
Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Remediation
References
https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1884
http://www.openwall.com/lists/oss-security/2020/09/01/3
Related Vulnerabilities
CVE-2023-33938 Vulnerability in maven package com.liferay.portal:release.portal.bom
CVE-2022-24822 Vulnerability in npm package @podium/layout
CVE-2023-37958 Vulnerability in maven package org.jenkins-ci.plugins:sumologic-publisher
CVE-2023-35887 Vulnerability in maven package org.apache.sshd:sshd-sftp
CVE-2023-32314 Vulnerability in maven package org.webjars.npm:vm2