Description
Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the Jenkins FindBugs Plugin's post-build step.
Remediation
References
https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1918
Related Vulnerabilities
CVE-2017-15685 Vulnerability in maven package org.craftercms:crafter-studio
CVE-2018-11778 Vulnerability in maven package org.apache.ranger:ranger
CVE-2017-2608 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-26474 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore