Description
Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component.
Remediation
References