Vulnerabilities > Jenkins > Testcomplete Support > 2.6.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-16 | CVE-2023-33002 | Cross-site Scripting vulnerability in Jenkins Testcomplete Support Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
2023-01-26 | CVE-2023-24443 | XXE vulnerability in Jenkins Testcomplete Support Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 |