{"id":"CVE-2022-45380","details":"Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.","aliases":["GHSA-298r-5c48-7q2r"],"modified":"2026-04-10T04:52:25.919700Z","published":"2022-11-15T20:15:11.480Z","references":[{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2888"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2022/11/15/4"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/junit-plugin","events":[{"introduced":"0"},{"fixed":"f1f01aaeab7fa35017112f6163b89283390f5da8"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1160.vf1f01a_a_ea_b_7f"}]}}],"versions":["1119.va_a_5e9068da_d7","1143.v8d9a_e3355270","1144.v909f4d9978e8","1150.v5c2848328b_60","1153.v1c24f1a_d2553","1156.vcf492e95a_a_b_0","1159.v0b_396e1e07dd","junit-1.0","junit-1.1","junit-1.10","junit-1.11","junit-1.12","junit-1.13","junit-1.15","junit-1.16","junit-1.17","junit-1.18","junit-1.19","junit-1.2","junit-1.2-beta-1","junit-1.2-beta-2","junit-1.2-beta-3","junit-1.2-beta-4","junit-1.20","junit-1.21","junit-1.22","junit-1.22-beta-1","junit-1.22.1","junit-1.22.2","junit-1.23","junit-1.24","junit-1.25","junit-1.26","junit-1.26.1","junit-1.27","junit-1.28","junit-1.29","junit-1.3","junit-1.30","junit-1.31","junit-1.32","junit-1.33","junit-1.34","junit-1.35","junit-1.36","junit-1.37","junit-1.38","junit-1.39","junit-1.4","junit-1.40","junit-1.41","junit-1.42","junit-1.43","junit-1.44","junit-1.45","junit-1.46","junit-1.47","junit-1.48","junit-1.49","junit-1.5","junit-1.50","junit-1.51","junit-1.52","junit-1.53","junit-1.53.1","junit-1.54","junit-1.55","junit-1.56","junit-1.57","junit-1.58","junit-1.59","junit-1.6","junit-1.60","junit-1.61","junit-1.62","junit-1.63","junit-1.64","junit-1.7","junit-1.8","junit-1.9","next","untagged-5894d25928dffc9e1c74"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45380.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}