Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration.
References
Configurations
History
21 Nov 2024, 01:57
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/124513 - Exploit | |
References | () http://seclists.org/bugtraq/2013/Dec/104 - Exploit | |
References | () http://seclists.org/fulldisclosure/2013/Dec/159 - | |
References | () http://www.exploit-db.com/exploits/30408 - Exploit | |
References | () http://www.osvdb.org/101187 - | |
References | () http://www.securityfocus.com/bid/64414 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/89872 - |
Information
Published : 2013-12-31 16:04
Updated : 2024-11-21 01:57
NVD link : CVE-2013-5573
Mitre link : CVE-2013-5573
CVE.ORG link : CVE-2013-5573
JSON object : View
Products Affected
jenkins
- jenkins
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')