Description
Jenkins LoadComplete support Plugin 1.0 and earlier does not escape the LoadComplete test name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Remediation
References
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2903
Related Vulnerabilities
CVE-2021-36373 Vulnerability in maven package org.apache.ant:ant
CVE-2013-4221 Vulnerability in maven package org.restlet:org.restlet
CVE-2019-10247 Vulnerability in maven package org.eclipse.jetty:jetty-server
CVE-2020-6464 Vulnerability in maven package org.webjars.npm:electron
CVE-2022-43422 Vulnerability in maven package com.compuware.jenkins:compuware-topaz-utilities