Description
Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control affected fields.
Remediation
References
https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-2931
http://www.openwall.com/lists/oss-security/2023/02/15/4
Related Vulnerabilities
CVE-2023-31103 Vulnerability in maven package org.apache.inlong:manager-web
CVE-2016-8609 Vulnerability in maven package org.keycloak:keycloak-core
CVE-2023-37960 Vulnerability in maven package io.jenkins.plugins:mathworks-polyspace
CVE-2022-41253 Vulnerability in maven package org.jenkins-ci.plugins:cons3rt
CVE-2020-2279 Vulnerability in maven package org.jenkins-ci.plugins:script-security