CVE-2023-32984

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/org.jenkins-ci.plugins/testng-plugin

Identifiers

GHSA-h3hg-r97v-5r9w, CVE-2023-32984

Package Slug

maven/org.jenkins-ci.plugins/testng-plugin

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin's test information pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a crafted TestNG report file.

Affected Versions

All versions before 730.732.v959a

Solution

Upgrade to version 730.732.v959a or above.

Last Modified

2023-05-17

source