Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control affected fields.
{
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "2.93.1"
}
],
"cpe": "cpe:2.3:a:jenkins:email_extension:*:*:*:*:*:jenkins:*:*"
}