CVE-2023-25763: 
Java vulnerability analysis and mitigation

CVE-2023-25763 is a stored cross-site scripting (XSS) vulnerability discovered in Jenkins Email Extension Plugin versions 2.93 and earlier. The vulnerability was disclosed on February 15, 2023, affecting the plugin's bundled email templates feature. The issue stems from the plugin's failure to properly escape various fields included in email templates (Jenkins Advisory, OSS Security).

The vulnerability exists in the Email Template Testing feature of the Jenkins Email Extension Plugin, which allows users to preview how email templates would appear based on a given build. The plugin fails to properly escape various fields included in email templates, including build display name, user display name, and test names. The vulnerability is rated as High severity according to CVSS scoring system (Jenkins Advisory).

This vulnerability allows attackers who can control affected fields to execute stored cross-site scripting (XSS) attacks. The affected fields include build display name, user display name, and the names of tests, which could be manipulated to inject malicious scripts (Jenkins Advisory).

The vulnerability has been fixed in Email Extension Plugin version 2.93.1, which properly escapes the affected fields in bundled email templates. Users are advised to update to this version or later to mitigate the vulnerability (Jenkins Advisory).