Description

A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript

Remediation

References

https://jenkins.io/security/advisory/2018-02-26/#SECURITY-731

Related Vulnerabilities

CVE-2023-45135 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-war

CVE-2023-43501 Vulnerability in maven package com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer

CVE-2023-22946 Vulnerability in maven package org.apache.spark:spark-core_2.13

CVE-2019-10343 Vulnerability in maven package io.jenkins:configuration-as-code

CVE-2023-36477 Vulnerability in maven package org.xwiki.contrib:application-ckeditor-ui

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory