Description

A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages.

Remediation

References

CVE-2019-10383

Related Vulnerabilities

Apache Tomcat version older than 6.0.18

WordPress Other Vulnerability (CVE-2006-2667)

WordPress Plugin BulletProof Security Multiple Cross-Site Scripting Vulnerabilities (.48.9)

MySQL CVE-2021-35591 Vulnerability (CVE-2021-35591)

WordPress Plugin WooCommerce Social Login Privilege Escalation (2.7.3)

Severity

Medium

Classification

CVE-2019-10383 CWE-707 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities