Jenkins · Jenkins Build Failure Analyzer Plugin · CVE-2016-4988
**Name of the Vulnerable Software and Affected Versions**
Jenkins Build Failure Analyzer plugin versions prior to 1.16.0
**Description**
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
**Recommendations**
For versions prior to 1.16.0, update to version 1.16.0 or later to resolve the issue.