Cloudbees · Jenkins · CVE-2014-3681
**Name of the Vulnerable Software and Affected Versions**
Jenkins versions prior to 1.583
Jenkins LTS versions prior to 1.565.3
**Description**
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
**Recommendations**
For Jenkins versions prior to 1.583, update to version 1.583 or later.
For Jenkins LTS versions prior to 1.565.3, update to version 1.565.3 or later.