Описание
Stored cross-site scripting vulnerability in Jenkins TestLink Plugin
A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript
Пакеты
Наименование
org.jenkins-ci.plugins:testlink
maven
Затронутые версииВерсия исправления
<= 2.12
2.13
Связанные уязвимости
CVSS3: 5.4
nvd
почти 8 лет назад
A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript