CVE-2016-3101
MEDIUM
Jenkins Extra Columns < 1.17 - Cross-Site Scripting via Unfiltered Tooltip Markup
Title source: llm
Description
Cross-site scripting (XSS) vulnerability in the Extra Columns plugin before 1.17 in Jenkins allows remote attackers to inject arbitrary web script or HTML by leveraging failure to filter tool tips through the configured markup formatter.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-04-11
Scores
CVSS v3
5.4
EPSS
0.0015
EPSS Percentile
35.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
jenkins/extra_columns
< 1.17
org.jenkins-ci.plugins/extra-columns
0 - 1.17
Maven
Published
Feb 09, 2017
Tracked Since
Feb 18, 2026