Cross site scripting

Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure Build Monitor Views...

CVE-2024-28156

CVE-2024-28156 affects Jenkins Build Monitor View Plugin (versions ≤ 1.14-860.vd06ef2568b_3f). The root cause is that Build Monitor View names are not escaped, which enables stored cross-site scripting (XSS) when an attacker can configure Build Monitor Views. Multiple sources corroborate: Red Hat...