The vulnerability stems from the unescaped use of `convertResult.getConvertedTestsString()` in the form validation response. Commit 9fbd698 explicitly adds `Util.escape()` to sanitize this output, confirming that this was the vulnerable code path. In vulnerable versions, the method handles user-supplied test data and returns HTML content without proper output encoding, which matches the XSS vulnerability description in CVE-2021-22510 and GHSA-gc2r-ccfh-62v9.

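
The output-encoding difference described above, as an added illustration that is not the plugin's code: `escape`, `renderUnescaped`, `renderEscaped`, the wrapper markup and the sample string are all assumptions standing in for `Util.escape()` and the form validation response.

```java
public class FormValidationEscapeDemo {

    // Stand-in for an HTML escaper such as the Util.escape() call named above
    // (hypothetical helper; it does not reproduce Jenkins' implementation).
    static String escape(String text) {
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Pre-fix pattern: the converted test string is placed in markup as-is.
    static String renderUnescaped(String convertedTests) {
        return "<div class=\"validation-ok\">" + convertedTests + "</div>";
    }

    // Post-fix pattern: the same value is encoded before it reaches markup.
    static String renderEscaped(String convertedTests) {
        return "<div class=\"validation-ok\">" + escape(convertedTests) + "</div>";
    }

    public static void main(String[] args) {
        // Constructed sample input: a test name carrying markup.
        String tests = "suite1/<b onmouseover=\"x()\">test & more</b>";
        String before = renderUnescaped(tests);
        String after = renderEscaped(tests);
        System.out.println("unescaped: " + before);
        System.out.println("escaped:   " + after);
        // After escaping, the only tags left are the wrapper's own.
        String inner = after.substring(after.indexOf('>') + 1, after.lastIndexOf("</div>"));
        if (inner.indexOf('<') >= 0 || inner.indexOf('>') >= 0) {
            throw new AssertionError("markup survived escaping: " + inner);
        }
    }
}
```
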
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:hp-application-automation-tools-plugin | maven | <= 6.7 | 6.8 |