Jenkins is vulnerable to cross-site scripting (XSS). The vulnerability occurs because the `caption` constructor parameter of `ExpandableDetailsNote` is not properly sanitized. An attacker can exploit it by injecting a malicious payload into the `caption` parameter, which results in JavaScript executing on the client side.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | jenkins core | le | 2.423 |
| | jenkins core | le | 2.414.1 |
| | org.jenkins-ci.main:jenkins-core | le | 2.423 |
| | org.jenkins-ci.main:jenkins-core | le | 2.414.1 |
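
The pattern behind this class of bug, as an added example that is not Jenkins source code: a caption string concatenated into an HTML attribute as-is, next to the same string HTML-escaped first. The class name, method names and markup are hypothetical, and the sample caption is constructed.

```java
// Added illustration: a simplified model of the pattern, not Jenkins source code.
public class CaptionEscapingSketch {

    // Escape the characters that are significant in HTML text and quoted attributes.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Vulnerable pattern: the caption lands in the attribute value unmodified,
    // so a quote character in it ends the attribute and the rest is parsed as markup.
    static String renderUnsafe(String caption) {
        return "<input type=\"button\" value=\"" + caption + "\">";
    }

    // Hardened pattern: escape at the point of output, for the context being written.
    static String renderSafe(String caption) {
        return "<input type=\"button\" value=\"" + escapeHtml(caption) + "\">";
    }

    public static void main(String[] args) {
        // Constructed sample input: a benign marker element, no script content.
        String caption = "Details\"><i id=\"marker\">";
        String unsafe = renderUnsafe(caption);
        String safe = renderSafe(caption);
        System.out.println("unsafe: " + unsafe);
        System.out.println("safe:   " + safe);

        // The unsafe output contains an element the template author never wrote.
        if (!unsafe.contains("<i id=\"marker\">")) throw new AssertionError("expected breakout");
        // The safe output keeps the whole caption inside the value attribute.
        if (safe.contains("<i id") || !safe.contains("&quot;&gt;&lt;i")) throw new AssertionError("escaping failed");
    }
}
```

The same check works as a regression test: feed a caption containing quote and angle-bracket characters to the rendering path and assert that none of them reach the output unescaped.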