Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie.

Remediation

References

CVE-2014-2065

Related Vulnerabilities

TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6146)

Oracle Database Server CVE-2009-1015 Vulnerability (CVE-2009-1015)

MySQL CVE-2014-6505 Vulnerability (CVE-2014-6505)

WordPress Plugin WP Statistics Multiple Cross-Site Scripting Vulnerabilities (12.0.1)

Internet Information Services Other Vulnerability (CVE-2002-0224)

Severity

Medium

Classification

CVE-2014-2065 CWE-707

Tags

Missing Update Known Vulnerabilities