← Back to CVE List
CVE-2021-21611
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape display names and IDs of item types shown on the New Item page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to specify display names or IDs of item types.
> MITRE Terms of Use apply – see LICENSE‑MITRE.txt