Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie.

Remediation

References

CVE-2014-2065

Related Vulnerabilities

WordPress Plugin Toolset Types-Custom Post Types, Custom Fields and Taxonomies PHP Object Injection (1.5.7)

WordPress Plugin My Calendar Multiple Vulnerabilities (2.3.29)

WordPress Plugin Analyticator PHP Object Injection (6.5.5)

Apache Tomcat Resource Management Errors Vulnerability (CVE-2011-0534)

WordPress Plugin Image Gallery with Slideshow Multiple Vulnerabilities (1.5.2)

Severity

Medium

Classification

CVE-2014-2065 CWE-707

Tags

Missing Update Known Vulnerabilities