Description
Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability.
Remediation
References
https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3140
Related Vulnerabilities
CVE-2015-1831 Vulnerability in maven package org.apache.struts.xwork:xwork-core
CVE-2018-20677 Vulnerability in npm package bootstrap
CVE-2022-32549 Vulnerability in maven package org.apache.sling:org.apache.sling.api
CVE-2020-6463 Vulnerability in maven package org.webjars.npm:electron
CVE-2023-49299 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-master