Description
Jenkins Pipeline Aggregator View Plugin 1.13 and earlier does not escape a variable representing the current view's URL in inline JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission.
Remediation
References
https://www.jenkins.io/security/advisory/2023-03-21/#SECURITY-2885
Related Vulnerabilities
CVE-2022-36885 Vulnerability in maven package com.coravy.hudson.plugins.github:github
CVE-2022-34813 Vulnerability in maven package org.jenkins-ci.plugins:xpath-config-viewer
CVE-2018-1000406 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2015-8859 Vulnerability in maven package org.webjars.npm:send
CVE-2020-24554 Vulnerability in maven package com.liferay.release.portal.bom