Description
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.5.1 for Jenkins allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Remediation
References
http://osvdb.org/100106
http://secunia.com/advisories/55783
https://wiki.jenkins-ci.org/display/JENKINS/Build+Failure+Analyzer
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20
Related Vulnerabilities
CVE-2019-16574 Vulnerability in maven package com.alauda.jenkins.plugins:alauda-devops-pipeline
CVE-2023-34036 Vulnerability in maven package org.springframework.hateoas:spring-hateoas
CVE-2023-28640 Vulnerability in maven package io.apiman:apiman-manager-api-rest-impl
CVE-2019-10466 Vulnerability in maven package org.jenkins-ci.plugins.plugin:fireline
CVE-2023-40311 Vulnerability in maven package org.opennms:opennms-webapp