CVE-2021-21628: 
Java vulnerability analysis and mitigation

CVE-2021-21628 is a stored cross-site scripting (XSS) vulnerability discovered in the Jenkins Build With Parameters Plugin. The vulnerability was disclosed on March 30, 2021, affecting versions 1.5 and earlier of the plugin. The vulnerability stems from the plugin's failure to properly escape parameter names and descriptions (Jenkins Advisory, OSS Security).

The vulnerability is classified as a stored XSS vulnerability with a High severity CVSS rating. The security flaw exists because the Build With Parameters Plugin version 1.5 and earlier does not implement proper escaping for parameter names and descriptions. This vulnerability can be exploited by attackers who have Job/Configure permission in the Jenkins environment (Jenkins Advisory).

The vulnerability allows attackers with Job/Configure permission to execute stored cross-site scripting attacks through unescaped parameter names and descriptions. This could potentially lead to the execution of malicious JavaScript code in the context of other users' browsers who access the affected Jenkins instance (Jenkins Advisory).

The vulnerability has been fixed in Build With Parameters Plugin version 1.5.1, which properly escapes parameter names and descriptions. Users are strongly advised to upgrade to this version to mitigate the risk. The fix was released as part of the Jenkins Security Advisory on March 30, 2021 (Jenkins Advisory).