PT-2023-24117 · Jenkins · Jenkins TestNG Results Plugin

Valdes Che Zogou

Published: 2023-05-16

Updated: 2023-05-25

CVE-2023-32984

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Jenkins TestNG Results Plugin versions 730.v4c5283037693 and earlier

Description

This is a stored cross-site scripting (XSS) vulnerability. The plugin does not escape several values that it parses from TestNG report files and displays on its test information pages. Attackers who can provide a crafted TestNG report file can exploit this.

Recommendations

For Jenkins TestNG Results Plugin versions 730.v4c5283037693 and earlier, update to version 730.732.v959a_3a_a_eb_a_72 or later, which escapes the affected values that are parsed from TestNG report files.
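
The flaw and its fix, sketched as an added example (this is not the plugin's code, which is Java): a constructed TestNG report is rendered once by concatenating parsed values into HTML and once with every value escaped at output time. The fields shown (method name, description, exception message) and all function names are assumptions, since the advisory does not list which values were affected.

```python
import html
import xml.etree.ElementTree as ET

# Constructed sample report, not taken from a real build. The markup in the
# description attribute and in the exception message stands in for text that
# whoever produces the report file controls.
SAMPLE_REPORT = """<testng-results>
  <suite name="s"><test name="t"><class name="com.example.LoginTest">
    <test-method status="FAIL" name="login"
        description="&lt;script&gt;alert(1)&lt;/script&gt;">
      <exception class="java.lang.AssertionError">
        <message><![CDATA[expected <b>ok</b>]]></message>
      </exception>
    </test-method>
  </class></test></suite>
</testng-results>"""


def method_rows(report_xml):
    """Yield (name, description, message) for each test-method element."""
    root = ET.fromstring(report_xml)
    for method in root.iter("test-method"):
        message = method.findtext("exception/message", default="")
        yield method.get("name", ""), method.get("description", ""), message.strip()


def render_unescaped(report_xml):
    """Unsafe pattern: parsed values are concatenated straight into HTML."""
    return "".join(
        f"<tr><td>{n}</td><td>{d}</td><td>{m}</td></tr>"
        for n, d, m in method_rows(report_xml)
    )


def render_escaped(report_xml):
    """Hardened pattern: every parsed value is HTML-escaped when it is output."""
    def esc(value):
        return html.escape(value, quote=True)

    return "".join(
        f"<tr><td>{esc(n)}</td><td>{esc(d)}</td><td>{esc(m)}</td></tr>"
        for n, d, m in method_rows(report_xml)
    )


if __name__ == "__main__":
    print("unescaped:", render_unescaped(SAMPLE_REPORT))
    print("escaped:  ", render_escaped(SAMPLE_REPORT))
```

The XML parser decodes entities and CDATA, so the report's own encoding gives no protection once values are read; escaping has to happen where the values are written into the page.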

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2023-32984
GHSA-H3HG-R97V-5R9W

Affected Products

Jenkins
Jenkins TestNG Results Plugin