Description
Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin's test information pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a crafted TestNG report file.
Remediation
References
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3047
Related Vulnerabilities
CVE-2023-25572 Vulnerability in maven package org.webjars.npm:react-admin
CVE-2016-3093 Vulnerability in maven package com.opensymphony:xwork-core
CVE-2023-25653 Vulnerability in maven package org.webjars.npm:node-jose
CVE-2017-8045 Vulnerability in maven package org.springframework.amqp:spring-amqp
CVE-2022-34190 Vulnerability in maven package eu.markov.jenkins.plugin.mvnmeta:maven-metadata-plugin