Описание
Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin's test information pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a crafted TestNG report file.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 730.v4c5283037693 (включая)
cpe:2.3:a:jenkins:testng_results:*:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 85%
0.02557
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 2 лет назад
Jenkins TestNG Results Plugin Stored Cross-site Scripting vulnerability
EPSS
Процентиль: 85%
0.02557
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79