Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins JUnit Plugin

Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins JUnit Plugin

CVE-2023-25761 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin.

Learn more about our Web Application Penetration Testing UK.