Description
Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component.
Remediation
References