Jenkins Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2019-10383
Reference:
CVE-2019-10383
Title:
Jenkins Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:
A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages.