Jenkins allows Cross-Site Scripting (XSS)

GHSA-cc55-c9j4-m7cx · CVE-2012-0325

Published May 4, 2022 · Modified Mar 13, 2025

Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0324.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2012-0325
PACKAGE https://github.com/jenkinsci/jenkins
WEB https://web.archive.org/web/20200229025003/http://www.securityfocus.com/bid/52384
WEB http://jvn.jp/en/jp/JVN79950061/index.html
WEB http://jvndb.jvn.jp/jvndb/JVNDB-2012-000023
WEB http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes