Muhammed Niazy

**Name of the Vulnerable Software and Affected Versions** Jenkins versions 2.483 through 2.550 Jenkins LTS versions 2.492.1 through 2.541.1 **Description** The application does not properly sanitize user-supplied data within the description field of the "Mark temporarily offline" functionality. This can lead to a stored cross-site scripting (XSS) condition. Successful exploitation requires an attacker to have Agent/Configure or Agent/Disconnect permissions. The vulnerability involves the lack of escaping of user input, potentially allowing malicious scripts to be stored and executed within the application. **Recommendations** Update Jenkins to a version greater than 2.550. Update Jenkins LTS to a version greater than 2.541.1.