{"id":"CVE-2023-25761","details":"Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin.","aliases":["GHSA-ph74-8rgx-64c5"],"modified":"2026-04-10T04:56:06.543854Z","published":"2023-02-15T14:15:13.387Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2023/02/15/4"},{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/junit-plugin","events":[{"introduced":"0"},{"last_affected":"a436e268e972d6eaa1ac8ae51ff16772a10c84a6"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1166.va_436e268e972"}]}}],"versions":["1119.va_a_5e9068da_d7","1143.v8d9a_e3355270","1144.v909f4d9978e8","1150.v5c2848328b_60","1153.v1c24f1a_d2553","1156.vcf492e95a_a_b_0","1159.v0b_396e1e07dd","1166.va_436e268e972","junit-1.0","junit-1.1","junit-1.10","junit-1.11","junit-1.12","junit-1.13","junit-1.15","junit-1.16","junit-1.17","junit-1.18","junit-1.19","junit-1.2","junit-1.2-beta-1","junit-1.2-beta-2","junit-1.2-beta-3","junit-1.2-beta-4","junit-1.20","junit-1.21","junit-1.22","junit-1.22-beta-1","junit-1.22.1","junit-1.22.2","junit-1.23","junit-1.24","junit-1.25","junit-1.26","junit-1.26.1","junit-1.27","junit-1.28","junit-1.29","junit-1.3","junit-1.30","junit-1.31","junit-1.32","junit-1.33","junit-1.34","junit-1.35","junit-1.36","junit-1.37","junit-1.38","junit-1.39","junit-1.4","junit-1.40","junit-1.41","junit-1.42","junit-1.43","junit-1.44","junit-1.45","junit-1.46","junit-1.47","junit-1.48","junit-1.49","junit-1.5","junit-1.50","junit-1.51","junit-1.52","junit-1.53","junit-1.53.1","junit-1.54","junit-1.55","junit-1.56","junit-1.57","junit-1.58","junit-1.59","junit-1.6","junit-1.60","junit-1.61","junit-1.62","junit-1.63","junit-1.64","junit-1.7","junit-1.8","junit-1.9","next","untagged-5894d25928dffc9e1c74"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25761.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}