Description
Jenkins 2.196 and earlier, and LTS 2.176.3 and earlier, did not escape the SCM tag name in the tooltip for SCM tag actions. This results in a stored XSS vulnerability exploitable by users who are able to control SCM tag names for these actions.
Remediation
References