Lucene search

[email protected]CVE-2013-5573

HistoryDec 31, 2013 - 4:04 p.m.

CVE-2013-5573

2013-12-3116:04:00

CWE-79

[email protected]

web.nvd.nist.gov

nvd

jenkins

xss

security

cve-2013-5573

7.5 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.033 Low

EPSS

Percentile

91.3%

JSON

Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration.

CPENameOperatorVersion
jenkins:jenkinsjenkinseq1.523

CPE	Name	Operator	Version
jenkins:jenkins	jenkins	eq	1.523

References

packetstormsecurity.com/files/124513

seclists.org/bugtraq/2013/Dec/104

seclists.org/fulldisclosure/2013/Dec/159

www.exploit-db.com/exploits/30408

www.osvdb.org/101187

www.securityfocus.com/bid/64414

exchange.xforce.ibmcloud.com/vulnerabilities/89872

7.5 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.033 Low

EPSS

Percentile

91.3%

JSON

Related for CVE-2013-5573

seebug1 securityvulns3 packetstorm1 exploitpack1 prion1 ubuntucve1 veracode1 exploitdb1 nessus2 freebsd1 openvas2