Description
Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.
Remediation
References
https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1936
http://www.openwall.com/lists/oss-security/2020/09/01/3
Related Vulnerabilities
CVE-2021-30246 Vulnerability in maven package org.webjars.bowergithub.kjur:jsrsasign
CVE-2022-21213 Vulnerability in npm package mout
CVE-2011-4905 Vulnerability in maven package activemq:activemq
CVE-2022-23496 Vulnerability in maven package nl.basjes.parse.useragent:yauaa-beam-sql
CVE-2022-48285 Vulnerability in maven package org.webjars.npm:github-com-stuk-jszip