Arbitrary Web Script Injection in Jenkins Build Failure Analyzer Plugin

CVE-2016-4988 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
