A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript
CPE | Name | Operator | Version |
---|---|---|---|
org.jenkins-ci.plugins:testlink | eq | 2.5.1 |