An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1xNzg3LXFndzItajJxZs02nA

Stored Cross-site Scripting vulnerability in Jenkins Tests Selector Plugin

Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 6 months ago

CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-q787-qgw2-j2qf, CVE-2022-28159
References: Blast Radius: 1.0

Affected Packages

Affected Version Ranges: <= 1.3.3
No known fixed version