Lucene search
K

70 matches found

osv
osv
added 2023/07/07 5:54 a.m.12 views

MGASA-2023-0220 Updated testng packages fix security vulnerability

Path traversal in zip files CVE-2022-4065...

7.8CVSS7.5AI score0.00876EPSS
Exploits1References3
veracode
veracode
added 2023/05/30 8:15 a.m.18 views

Cross-Site Scripting (XSS)

Jenkins TestNG Results Plugin is vulnerable to Cross-Site Scripting XSS. The vulnerability exists due to lack of escaping of values that are parsed from TestNG report files which allows an attacker to inject and execute arbitrary JavaScript...

5.4CVSS6.5AI score0.00456EPSS
Exploits0References2Affected Software1
osv
osv
added 2023/05/16 6:30 p.m.28 views

GHSA-H3HG-R97V-5R9W Jenkins TestNG Results Plugin Stored Cross-site Scripting vulnerability

Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin’s test information pages. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide a...

5.4CVSS5.3AI score0.00456EPSS
Exploits0References3
github
github
added 2023/05/16 6:30 p.m.20 views

Jenkins TestNG Results Plugin Stored Cross-site Scripting vulnerability

Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin’s test information pages. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide a...

5.4CVSS5.4AI score0.00456EPSS
Exploits0References4Affected Software1
nvd
nvd
added 2023/05/16 4:15 p.m.29 views

CVE-2023-32984

Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin's test information pages, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide a crafted...

5.4CVSS5.2AI score0.00456EPSS
Exploits0References1
osv
osv
added 2023/05/16 4:15 p.m.3 views

CVE-2023-32984

Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin's test information pages, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide a crafted...

5.4CVSS6AI score0.00456EPSS
Exploits0References1
prion
prion
added 2023/05/16 4:15 p.m.16 views

Cross site scripting

Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin's test information pages, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide a crafted...

4.9CVSS5.1AI score0.00456EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2023/05/16 4:0 p.m.28 views

CVE-2023-32984

Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin's test information pages, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide a crafted...

5.4AI score0.00456EPSS
Exploits0References1
cve
cve
added 2023/05/16 4:0 p.m.55 views

CVE-2023-32984

CVE-2023-32984 affects the Jenkins TestNG Results Plugin (730.v4c5283037693 and earlier). The vulnerability is a stored XSS caused by insufficient escaping of values parsed from TestNG report files, which are displayed on the plugin’s test information pages. Exploitation requires an attacker to s...

5.4CVSS5.1AI score0.00456EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2023/05/16 4:0 p.m.7 views

CVE-2023-32984

Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin's test information pages, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide a crafted...

5.2AI score0.00456EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2023/05/16 4:0 p.m.17 views

CVE-2023-32984

Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin's test information pages, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide a crafted...

5.4CVSS5.6AI score0.00456EPSS
Exploits0References1
cnnvd
cnnvd
added 2023/05/16 12:0 a.m.4 views

Jenkins Plugin TestNG Results 跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

5.4CVSS5.7AI score0.00456EPSS
Exploits0References4
redhatcve
redhatcve
added 2023/04/07 8:59 p.m.31 views

CVE-2022-4065

A vulnerability was found in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to...

7CVSS6.4AI score0.00876EPSS
Exploits1References4
openvas
openvas
added 2023/03/31 12:0 a.m.13 views

SUSE: Security Advisory (SUSE-SU-2023:1690-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS5.9AI score0.00876EPSS
Exploits1References4
nessus
nessus
added 2023/03/31 12:0 a.m.24 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : testng (SUSE-SU-2023:1690-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1690-1 advisory. - CVE-2022-4065: Fixed a path traversal in zip files bsc1205628. Tenable has extracted the preceding...

7.8CVSS6.4AI score0.00876EPSS
Exploits1References4
osv
osv
added 2023/03/29 8:9 p.m.9 views

SUSE-SU-2023:1690-1 Security update for testng

This update for testng fixes the following issues: - CVE-2022-4065: Fixed a path traversal in zip files bsc1205628...

7.8CVSS7.5AI score0.00876EPSS
Exploits1References3
susecve
susecve
added 2023/02/15 3:30 a.m.5 views

SUSE CVE-2022-4065

A vulnerability was found in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to...

8.8CVSS5.8AI score0.00876EPSS
Exploits1References5
veracode
veracode
added 2022/11/21 11:27 a.m.31 views

Path Traversal

org.testng:testng is vulnerable to path traversal. A remote authenticated attacker is able to cause a malicious zip file to break out of the expected destination directory, writing contents into arbitrary locations on the file system via the testngXmlExistsInJar function of the...

7.8CVSS7.2AI score0.00876EPSS
Exploits1References6Affected Software1
vulnersosv
vulnersosv
added 2022/11/19 9:30 p.m.8 views

CodeLineCounter:lineCounterPlugin (=1.1.4), app.getxray:xray-testng-extensions (>=0.3.0 <=0.5.0) +3530 more potentially affected by CVE-2022-4065 via org.testng:testng (>=6.13 <=7.5)

org.testng:testng MAVEN version =6.13, =0.3.0, =0.0.4, =0.3.0, =0.9.0, =0.26.0, =0.20.0, =0.9.0, =0.23.0, =0.28.0 - br.com.objectos.orm:testing =0.2.0 - br.com.objectos.oss-java11:objectos-testing =1.0.0 - br.com.objectos.oss-java16:objectos-testing =1.0.0 and more Source cves: CVE-2022-4065 Sour...

7.8CVSS6.3AI score0.00876EPSS
Exploits1
vulnersosv
vulnersosv
added 2022/11/19 9:30 p.m.8 views

app.getxray:xray-testng-extensions (>=0.1.0 <=0.2.0-beta), com.actiontestscript:ats-automated-testing (>=2.3.6 <=2.5.8) +143 more potentially affected by CVE-2022-4065 via org.testng:testng (>=7.6.0 <=7.6.1)

org.testng:testng MAVEN version =7.6.0, =0.1.0, =2.3.6, =2.4.13, =0.33.0, =1.3, =0.0.2, =0.0.2, =0.0.2, =3.0.0, =2.7.0, =2.8.1 and more Source cves: CVE-2022-4065 Source advisory: OSV:GHSA-RC2Q-X9MF-W3VF...

7.8CVSS6.3AI score0.00876EPSS
Exploits1
Rows per page
Query Builder