Jenkins Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2017-1000392
Reference:
CVE-2017-1000392
Title:
Jenkins Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:
Jenkins 2.88 and earlier 2.73.2 and earlier Autocompletion suggestions for text fields were not escaped resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters like less-than and greater-than characters.