Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-quvj-3tpk-qug1
Vulnerability ID VCID-quvj-3tpk-qug1
Aliases CVE-2023-25761
GHSA-ph74-8rgx-64c5
Summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 5.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25761.json
epss 0.0175 https://api.first.org/data/v1/epss?cve=CVE-2023-25761
epss 0.0175 https://api.first.org/data/v1/epss?cve=CVE-2023-25761
epss 0.0175 https://api.first.org/data/v1/epss?cve=CVE-2023-25761
epss 0.0175 https://api.first.org/data/v1/epss?cve=CVE-2023-25761
epss 0.0175 https://api.first.org/data/v1/epss?cve=CVE-2023-25761
epss 0.0175 https://api.first.org/data/v1/epss?cve=CVE-2023-25761
epss 0.0175 https://api.first.org/data/v1/epss?cve=CVE-2023-25761
epss 0.0175 https://api.first.org/data/v1/epss?cve=CVE-2023-25761
epss 0.0175 https://api.first.org/data/v1/epss?cve=CVE-2023-25761
epss 0.0175 https://api.first.org/data/v1/epss?cve=CVE-2023-25761
epss 0.0175 https://api.first.org/data/v1/epss?cve=CVE-2023-25761
epss 0.0175 https://api.first.org/data/v1/epss?cve=CVE-2023-25761
epss 0.0175 https://api.first.org/data/v1/epss?cve=CVE-2023-25761
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-ph74-8rgx-64c5
cvssv3.1 5.4 https://github.com/jenkinsci/junit-plugin/commit/d6b8042a06de4aaaf0942ad79036095b853eea02
generic_textual MODERATE https://github.com/jenkinsci/junit-plugin/commit/d6b8042a06de4aaaf0942ad79036095b853eea02
cvssv3.1 5.4 https://nvd.nist.gov/vuln/detail/CVE-2023-25761
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2023-25761
cvssv3.1 5.4 https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032
generic_textual MODERATE https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032
ssvc Track https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032
cvssv3.1 5.4 http://www.openwall.com/lists/oss-security/2023/02/15/4
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2023/02/15/4
ssvc Track http://www.openwall.com/lists/oss-security/2023/02/15/4
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25761.json
https://api.first.org/data/v1/epss?cve=CVE-2023-25761
https://github.com/jenkinsci/junit-plugin/commit/d6b8042a06de4aaaf0942ad79036095b853eea02
https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032
http://www.openwall.com/lists/oss-security/2023/02/15/4
2170039 https://bugzilla.redhat.com/show_bug.cgi?id=2170039
CVE-2023-25761 https://nvd.nist.gov/vuln/detail/CVE-2023-25761
GHSA-ph74-8rgx-64c5 https://github.com/advisories/GHSA-ph74-8rgx-64c5
RHSA-2023:1866 https://access.redhat.com/errata/RHSA-2023:1866
RHSA-2023:3195 https://access.redhat.com/errata/RHSA-2023:3195
RHSA-2023:3198 https://access.redhat.com/errata/RHSA-2023:3198
RHSA-2023:3299 https://access.redhat.com/errata/RHSA-2023:3299
RHSA-2023:6171 https://access.redhat.com/errata/RHSA-2023:6171
RHSA-2023:6172 https://access.redhat.com/errata/RHSA-2023:6172
RHSA-2023:6179 https://access.redhat.com/errata/RHSA-2023:6179
RHSA-2023:7288 https://access.redhat.com/errata/RHSA-2023:7288
RHSA-2024:0775 https://access.redhat.com/errata/RHSA-2024:0775
RHSA-2024:0776 https://access.redhat.com/errata/RHSA-2024:0776
RHSA-2024:0777 https://access.redhat.com/errata/RHSA-2024:0777
RHSA-2024:0778 https://access.redhat.com/errata/RHSA-2024:0778
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25761.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/jenkinsci/junit-plugin/commit/d6b8042a06de4aaaf0942ad79036095b853eea02
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-25761
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T15:36:40Z/ Found at https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at http://www.openwall.com/lists/oss-security/2023/02/15/4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T15:36:40Z/ Found at http://www.openwall.com/lists/oss-security/2023/02/15/4
Exploit Prediction Scoring System (EPSS)
Percentile 0.82503
EPSS Score 0.0175
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:50:54.271633+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.plugins/junit/CVE-2023-25761.yml 38.0.0