CVE-2021-21610
maven/org.jenkins-ci.main/jenkins-core
Cross-site Scripting
Jenkins does not implement any restrictions for the URL rendering a formatted preview of markup passed as a query
parameter, resulting in a reflected cross-site scripting (XSS) vulnerability if the configured markup formatter does not prohibit unsafe elements (JavaScript) in markup.
All versions after 2.263.1 up to 2.274
Unfortunately, there is no solution available yet.
2021-01-18
source |