Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie.

Remediation

References

CVE-2014-2065

Related Vulnerabilities

WordPress Plugin s2member Secure File Browser Cross-Site Scripting (0.4.16)

WordPress Plugin Spiffy XSPF Player SQL Injection (0.1)

Oracle JRE CVE-2018-2794 Vulnerability (CVE-2018-2794)

WordPress Plugin Pinterest Automatic Pin Security Bypass (4.14.3)

WordPress 5.7.x Directory Traversal (5.7 - 5.7.11)

Severity

Medium

Classification

CVE-2014-2065 CWE-707

Tags

Missing Update Known Vulnerabilities