CVE-2016-4988
MEDIUM
Jenkins Build Failure Analyzer < 1.16.0 - Cross-Site Scripting
Title source: llm
Description
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
References (2)
Core References
Vendor Advisory x_refsource_confirm
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20
Vendor Advisory
https://jenkins.io/security/advisory/2016-06-20/
Scores
CVSS v3
6.1
EPSS
0.0009
EPSS Percentile
25.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
com.sonyericsson.jenkins.plugins.bfa/build-failure-analyzer
0 - 1.16.0 (Maven)
jenkins/build_failure_analyzer
< 1.16.0
Published
Feb 09, 2017
Tracked Since
Feb 18, 2026