CVE-2021-21611
maven/org.jenkins-ci.main/jenkins-core
Cross-site Scripting
Jenkins does not escape display names and IDs of item types shown on the New Item page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to specify display names or IDs of item types.
All versions after 2.263.1 up to 2.274
Unfortunately, there is no solution available yet.
2021-01-18
source |