Description
A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other user performs some UI actions.
Remediation
References
Related Vulnerabilities
WordPress Ultimate Member Plugin CVE-2020-36157 Vulnerability (CVE-2020-36157)
Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-0762)
WordPress Other Vulnerability (CVE-2007-3241)
WordPress Plugin Wordable Security Bypass (3.1.1)
WordPress Plugin Backup Scheduler Cross-Site Request Forgery (1.5.13)