GHSA-XJ29-GFWW-J67G Jenkins JaCoCo Plugin vulnerable to Stored Cross-site Scripting
Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action. Version 3.3.2.1 escapes clas...