Security Advisory
CVE-2023-43495
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the caption constructor parameter of ExpandableDetailsNote, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control this parameter.