[com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer] Cross-site Scripting in Jenkins Build Failure Analyzer plugin

Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.

References

• https://nvd.nist.gov/vuln/detail/CVE-2016-4988
• https://jenkins.io/security/advisory/2016-06-20/
• https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20
• https://github.com/advisories/GHSA-7w89-qqxx-c62r