{"id":"CVE-2023-33002","details":"Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.","aliases":["GHSA-5wpg-qcmj-48wh"],"modified":"2026-03-14T12:07:08.696156Z","published":"2023-05-16T17:15:12.293Z","references":[{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2892"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/testcomplete-plugin","events":[{"introduced":"0"},{"last_affected":"a9f345e5bdaff881b7e1e1672b545ad41992c3bd"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.8.1"}]}}],"versions":["TestComplete-1.1","TestComplete-1.10","TestComplete-1.11","TestComplete-1.2","TestComplete-1.3","TestComplete-1.4","TestComplete-1.5","TestComplete-1.6","TestComplete-1.7","TestComplete-1.8","TestComplete-1.9","TestComplete-2.0","TestComplete-2.1","TestComplete-2.2","TestComplete-2.3","TestComplete-2.4","TestComplete-2.4.1","TestComplete-2.5","TestComplete-2.5.1","TestComplete-2.5.2","TestComplete-2.6","TestComplete-2.6.1","TestComplete-2.6.2","TestComplete-2.7","TestComplete-2.8","TestComplete-2.8.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33002.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}