[webapps] Jenkins 2.235.3 - 'tooltip' Stored Cross-Site Scripting

# Exploit Title: Jenkins 2.235.3 - 'tooltip' Stored Cross-Site Scripting
# Date: 11/12/2020
# Exploit Author: gx1
# Vendor Homepage: https://www.jenkins.io/
# Software Link: https://updates.jenkins-ci.org/download/war/
# Version:

This creates an icon that triggers the Cross-Site Scripting when the mouse hovers over it and the tooltip opens. Obviously, you can use CSS with a large width and height to generate an SVG element that covers the whole screen, in order to trigger the XSS when the user navigates the page.

Solution: The following releases contain fixes for security vulnerabilities:
* Jenkins 2.252
* Jenkins LTS 2.235.4
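
A defender-side check against the fixed releases listed above, as an added example that is not part of the original advisory. It assumes version strings have already been collected (for instance from the `X-Jenkins` response header or the page footer); the host names and inventory are constructed, and treating later LTS lines as fixed is an assumption.

```python
import re

# Fixed releases as listed in the advisory text above.
FIXED_WEEKLY = (2, 252)
FIXED_LTS = (2, 235, 4)

# Weekly releases have two numeric parts, LTS releases have three.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_jenkins_version(raw):
    """Return a tuple of ints: 2 parts for weekly, 3 parts for LTS."""
    match = _VERSION_RE.match(raw.strip())
    if not match:
        raise ValueError(f"unrecognised Jenkins version: {raw!r}")
    return tuple(int(part) for part in match.groups() if part is not None)


def needs_tooltip_xss_fix(raw):
    """True when the version predates the fixed release on its own line."""
    version = parse_jenkins_version(raw)
    # Assumption: LTS lines newer than 2.235.x compare greater and carry the fix.
    fixed = FIXED_LTS if len(version) == 3 else FIXED_WEEKLY
    return version < fixed


def triage(inventory):
    """Map controller name -> 'upgrade', 'ok' or 'unknown' (unparseable)."""
    result = {}
    for name, raw in inventory.items():
        try:
            result[name] = "upgrade" if needs_tooltip_xss_fix(raw) else "ok"
        except ValueError:
            # Custom or snapshot builds need a manual look, not a guess.
            result[name] = "unknown"
    return result


# Constructed sample inventory (hypothetical host names and versions).
SAMPLE = {
    "ci-weekly-old": "2.251",
    "ci-weekly-new": "2.252",
    "ci-lts-old": "2.235.3",
    "ci-lts-new": "2.235.4",
    "ci-custom": "2.240-SNAPSHOT",
}

if __name__ == "__main__":
    for name, status in triage(SAMPLE).items():
        print(f"{name}: {status}")
```

Comparing a weekly version directly against the LTS fix (or the reverse) gives wrong answers, for example weekly 2.240 sorts above LTS 2.235.4 yet predates 2.252, which is why the check picks the baseline by the number of version parts.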
