Description
Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control this parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Quick Restaurant Menu Multiple Vulnerabilities (2.0.2)
WordPress Plugin BizLibrary Cross-Site Scripting (1.1)
WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-1936)
Apache 2.x version older than 2.0.47
WordPress Plugin WassUp Real Time Analytics Unspecified Vulnerability (1.7.2)