Description

Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins before 1.438, and 1.409 LTS before 1.409.3 LTS, when a stand-alone container is used, allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.

Remediation

References

CVE-2011-4344

Related Vulnerabilities

PostgreSQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2021-32027)

WordPress Authentication Bypass Using an Alternate Path or Channel Vulnerability (CVE-2020-4050)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Directory Traversal (1.3.42)

MySQL CVE-2018-3155 Vulnerability (CVE-2018-3155)

WordPress Plugin Content Grabber Multiple Vulnerabilities (1.0)

Severity

Low

Classification

CVE-2011-4344 CWE-707

Tags

Missing Update Known Vulnerabilities