Jenkins TestNG Results Plugin Stored Cross-site Scripting vulnerability
Severity: Moderate
GitHub Reviewed
Published May 16, 2023 to the GitHub Advisory Database; updated Jan 5, 2024
Package
Affected versions: < 730.732.v959a
Patched versions: 730.732.v959a
Published by the National Vulnerability Database: May 16, 2023
Published to the GitHub Advisory Database: May 16, 2023
Reviewed: May 17, 2023
Last updated: Jan 5, 2024
Description
Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin’s test information pages.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a crafted TestNG report file.
TestNG Results Plugin 730.732.v959a_3a_a_eb_a_72 escapes the affected values that are parsed from TestNG report files.
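The XML parser decodes entities in a report, so a value stored as `&lt;b&gt;` reaches the page as live markup unless it is escaped again at render time. The following added example (not the plugin's code) walks a TestNG report and lists every attribute or text value that changes under HTML escaping. The advisory does not name the affected fields, so the script checks all of them; the sample report and the function name `find_markup_values` are constructed for illustration.

```python
import html
import xml.etree.ElementTree as ET

# Constructed sample report (not from the advisory). Element and attribute
# names follow the usual testng-results.xml layout; the values are made up.
SAMPLE_REPORT = """<testng-results>
  <suite name="nightly">
    <test name="&lt;b&gt;injected&lt;/b&gt;">
      <class name="com.example.LoginTest">
        <test-method status="FAIL" name="login" description="plain text">
          <exception class="java.lang.AssertionError">
            <message><![CDATA[expected <i>true</i> but was false]]></message>
          </exception>
        </test-method>
      </class>
    </test>
  </suite>
</testng-results>"""


def find_markup_values(report_xml):
    """Return (location, parsed_value, escaped_value) for every attribute or
    text value that contains HTML metacharacters after XML parsing."""
    # For untrusted files prefer a hardened parser such as defusedxml.
    root = ET.fromstring(report_xml)
    findings = []
    for elem in root.iter():
        values = [(f"<{elem.tag}> @{k}", v) for k, v in elem.attrib.items()]
        if elem.text and elem.text.strip():
            values.append((f"<{elem.tag}> text", elem.text.strip()))
        for location, raw in values:
            # What a report page must emit instead of the parsed value.
            escaped = html.escape(raw, quote=True)
            if escaped != raw:
                findings.append((location, raw, escaped))
    return findings


if __name__ == "__main__":
    for location, raw, escaped in find_markup_values(SAMPLE_REPORT):
        print(f"{location}\n  parsed : {raw}\n  escaped: {escaped}")
```
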