Description
Jenkins 2.423 and earlier, and LTS 2.414.1 and earlier, does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control this parameter.
Remediation
References