Jenkins allows Cross-Site Scripting (XSS)

GHSA-4w4h-8qh9-342x · CVE-2012-0324

Published May 4, 2022 · Modified Mar 12, 2025

Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2012-0324
PACKAGE https://github.com/jenkinsci/jenkins
WEB https://web.archive.org/web/20200229025003/https://www.securityfocus.com/bid/52384
WEB http://jvn.jp/en/jp/JVN14791558/index.html
WEB http://jvndb.jvn.jp/jvndb/JVNDB-2012-000022
WEB http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes