Jenkins Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2021-21608
Reference:
CVE-2021-21608
Title:
Jenkins Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:
Jenkins 2.274 and earlier LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to control button labels.