Description
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
Remediation
References
https://jenkins.io/security/advisory/2016-06-20/
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20
Related Vulnerabilities
CVE-2021-41182 Vulnerability in npm package jquery-ui
CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http-core_2.12
CVE-2013-1966 Vulnerability in maven package org.apache.struts.xwork:xwork-core
CVE-2015-8862 Vulnerability in maven package org.webjars.bower:mustache
CVE-2018-1999029 Vulnerability in maven package org.jenkins-ci.plugins:shelve-project-plugin