Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.

Remediation

References

CVE-2015-7536

Related Vulnerabilities

PHP Uncontrolled Resource Consumption Vulnerability (CVE-2011-3336)

MySQL CVE-2017-3238 Vulnerability (CVE-2017-3238)

WordPress Plugin FV Flowplayer Video Player SQL Injection (7.3.18.727)

WordPress Plugin WTI Like Post SQL Injection (1.4.2)

MySQL CVE-2019-2738 Vulnerability (CVE-2019-2738)

Severity

Medium

Classification

CVE-2015-7536 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities