Description
Jenkins Sauce OnDemand Plugin 1.204 and earlier does not escape the name and description of Sauce Labs Browsers parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Remediation
References
https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784