Description
Jenkins Nested View Plugin 1.20 through 1.25 (inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability.
Remediation
References
https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2768
Related Vulnerabilities
CVE-2023-37960 Vulnerability in maven package io.jenkins.plugins:mathworks-polyspace
CVE-2022-46907 Vulnerability in maven package org.apache.jspwiki:jspwiki-main
CVE-2022-23621 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2022-29166 Vulnerability in npm package matrix-org-irc
CVE-2023-20860 Vulnerability in maven package org.springframework:spring-webmvc