Jenkins NS-ND Integration Performance Publisher Plugin prior to version 4.8.0.147 does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Affected Packages

Maven io.jenkins.plugins:cavisson-ns-nd-integration

Affected versions: 0 (fixed in 4.8.0.147)

Related CVEs

CVE-2022-41229

Key Information

GHSA ID

GHSA-fq2h-r2h9-pj8r

Published

September 22, 2022 12:00 AM

Last Modified

December 6, 2022 1:56 PM

CVSS Score

7.5 /10

Primary Ecosystem

Maven

Primary Package

io.jenkins.plugins:cavisson-ns-nd-integration

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 25, 2025 6:33 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.