CVE-2018-1000202

https://notcve.org/view.php?id=CVE-2018-1000202

05 Jun 2018 — A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions. Existe una vulnerabilidad de Cross-Site Scripting (XSS) persistente en el plugin Groovy Postbuild 2.3.1 y anteriores de Jenkins en varios archivos Jelly que permite que los atacantes puedan controlar el conten... • https://jenkins.io/security/advisory/2018-05-09/#SECURITY-821 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •