Description
Jenkins SiteMonitor Plugin 0.6 and earlier does not escape URLs of sites to monitor in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Remediation
References
https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-1932
http://www.openwall.com/lists/oss-security/2022/03/29/1
Related Vulnerabilities
CVE-2022-43415 Vulnerability in maven package org.jenkins-ci.plugins:repo
CVE-2022-21192 Vulnerability in npm package serve-lite
CVE-2021-38153 Vulnerability in maven package org.apache.kafka:kafka-clients
CVE-2015-5209 Vulnerability in maven package org.apache.struts.xwork:xwork-core
CVE-2013-6429 Vulnerability in maven package org.springframework:spring-web