Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin’s test information pages.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a crafted TestNG report file.

TestNG Results Plugin 730.732.v959a_3a_a_eb_a_72 escapes the affected values that are parsed from TestNG report files.

Affected Packages

Maven org.jenkins-ci.plugins:testng-plugin

Affected versions: 0 (fixed in 730.732.v959a)

Related CVEs

CVE-2023-32984

Key Information

GHSA ID

GHSA-h3hg-r97v-5r9w

Published

May 16, 2023 6:30 PM

Last Modified

January 5, 2024 1:20 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.plugins:testng-plugin

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 24, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.