Description
Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.
References (1)
Core 1
Core References
Scores
CVSS v3
5.4
EPSS
0.4362
EPSS Percentile
97.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
jenkins/junit
< 1119.va_a_5e9068da_d7
org.jenkins-ci.plugins/junit
0 - 1119.1121.vc43d0fc45561Maven
Published
Jun 23, 2022
Tracked Since
Feb 18, 2026