Jenkins Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2023-43495 - Vulnerability Database

Medium
Reference: CVE-2023-43495
Title: Jenkins Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control this parameter.