Jenkins Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2019-10401
Reference:
CVE-2019-10401
Title:
Jenkins Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:
In Jenkins 2.196 and earlier LTS 2.176.3 and earlier the f:expandableTextBox form control interpreted its content as HTML when expanded resulting in a stored XSS vulnerability exploitable by users with permission to define its contents (typically Job/Configure).