2023-09-20 16:06:09
jenkins
PUBLISHED
Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the caption constructor parameter of ExpandableDetailsNote, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control this parameter.