CVE-2017-1000102

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/org.jvnet.hudson.plugins/analysis-core

Identifiers

GHSA-9c2p-99pg-c4j9, CVE-2017-1000102

Package Slug

maven/org.jvnet.hudson.plugins/analysis-core

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert arbitrary HTML into this view.

Affected Versions

All versions up to 1.91

Solution

Upgrade to version 1.92 or above.

Last Modified

2024-01-31

source