Описание
TestComplete support Plugin vulnerable to stored Cross-site Scripting
TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name in its test result page.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
As of publication of this advisory, there is no fix.
Пакеты
Наименование
org.jenkins-ci.plugins:TestComplete
maven
Затронутые версииВерсия исправления
<= 2.8.1
Отсутствует
Связанные уязвимости
CVSS3: 5.4
nvd
больше 2 лет назад
Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.