CVE-2022-34191: 
Java vulnerability analysis and mitigation

Jenkins NS-ND Integration Performance Publisher Plugin version 4.8.0.77 and earlier contains a stored cross-site scripting (XSS) vulnerability (CVE-2022-34191). The vulnerability was discovered and disclosed on June 22, 2022, affecting the parameter handling functionality of the plugin. The issue specifically involves the plugin's failure to properly escape the name of NetStorm Test parameters on views displaying parameters (Jenkins Advisory).

The vulnerability is a stored cross-site scripting (XSS) issue that occurs when the plugin fails to escape the name of NetStorm Test parameters on views displaying parameters. The vulnerability has been assigned a severity rating of High, and it requires Item/Configure permission for exploitation. The vulnerability is tracked as SECURITY-2736 in Jenkins security tracking system (Jenkins Advisory).

This vulnerability allows attackers with Item/Configure permission to inject malicious HTML and JavaScript code into the Jenkins UI through the parameter names. When other users view pages displaying these parameters, the injected code executes in their browsers, potentially leading to session hijacking, credential theft, or other malicious actions (Jenkins Advisory).

As of the advisory's publication date, there was no fix available for this vulnerability in the NS-ND Integration Performance Publisher Plugin version 4.8.0.77. Users should monitor for updates and implement them when available. In the meantime, access to Item/Configure permissions should be strictly limited to trusted users (Jenkins Advisory).