CVE-2017-1000102
MEDIUMStatic Analysis Utilities < 1.91 - Stored Cross-Site Scripting in Details View
Title source: llmDescription
The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert arbitrary HTML into this view.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://jenkins.io/security/advisory/2017-08-07/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101061
Scores
CVSS v3
5.4
EPSS
0.0005
EPSS Percentile
15.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
jenkins/static_analysis_utilities
< 1.91
org.jvnet.hudson.plugins/analysis-core
0 - 1.92Maven
Published
Oct 05, 2017
Tracked Since
Feb 18, 2026