Cross-Site Scripting Vulnerability in Jenkins TestLink Plugin 2.12 and Earlier

CVE-2018-1000113 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript

Learn more about our Web Application Penetration Testing UK.