CVE-2017-1000102
Persistent XSS vulnerability in Static Analysis Utilities
5.4
MEDIUM
CVSS 3.1
EPSS 0.05%
Description
The Details view of some Static Analysis Utilities based plugins was vulnerable to a persisted cross-site scripting vulnerability: malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert arbitrary HTML into this view.
How to fix CVE-2017-1000102
To remediate CVE-2017-1000102, upgrade the affected package to a fixed version below.
- Upgrade to 1.92 or later
Is CVE-2017-1000102 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.92
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.4 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |