CVE-2023-33002 in TestComplete Support Plugininformation

Résumé

par MITRE • 16/05/2023

Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Once again VulDB remains the best source for vulnerability data.

Réserver

16/05/2023

Divulgation

16/05/2023

Modérer

accepté

Entrée

VDB-229225

CPE

prêt

EPSS

0.02364

KEV

non

Activités

très faible

Sources

Interested in the pricing of exploits?

See the underground prices here!