Description
Jenkins 2.196 and earlier, and LTS 2.176.3 and earlier, did not escape the SCM tag name on the tooltip for SCM tag actions. This resulted in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control SCM tag names for these actions.
Remediation
References