Description
Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step.
Remediation
References
https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1918
Related Vulnerabilities
CVE-2023-25500 Vulnerability in maven package com.vaadin:flow-server
CVE-2012-5575 Vulnerability in maven package org.apache.cxf:cxf-bundle
CVE-2022-2256 Vulnerability in maven package org.keycloak:keycloak-themes
CVE-2013-1879 Vulnerability in maven package org.apache.activemq:activemq-client
CVE-2022-34800 Vulnerability in maven package tools.devnull:build-notifications